What is the purpose of the role?
This role works with business representatives to translate cyber security architecture and technology requirements into proportionate security controls within the operational and project areas of the Technology and Transformation Alliance (TTA). Thames Water is driving its digital strategy and this is an important role in ensuring the security of our digital capability. This role assists the cyber security manager in defining security strategy, designing security architecture and assessing appropriate future technologies within the cyber function in Thames Water. This role will interact very closely with programme managers, project managers and business owners across the organisation to ensure security is designed into projects and appropriate risk assessments and mitigations are carried out to select mitigating controls.
This role will also:
Assist in the development, implementation and maintenance of a governance framework for ensuring Secure Design within IT projects and systems.
Engage with TTA teams, Internal Audit and other business stakeholders to ensure that security strategy, architecture designs and security technology roadmaps are kept validated and communicated throughout the business.
Engage with managers across the business to ensure any required security consultancy is provided in an efficient and timely manner.
Be proactive in assisting Thames Water to reduce its cyber security risk.
What makes this role unique?
Thames Water's Technology and Transformation Alliance (TTA) will deliver its technology services and projects in the future. We work closely with partners who bring their own skills, knowledge, capabilities, insight and innovative thinking to the alliance, which, combined with the Thames team's experience and knowledge of our business, creates an innovative way of working and delivering technology services and projects.
What will this role involve?
Assist in the definition, documentation and ownership of our cyber security strategy and security architecture technology roadmap.
Ensure end-to-end core cyber security architectures are fully defined in compliance with agreed policies, standards and guidelines.
Assist in developing information security architecture artefacts appropriate to business, technology and legal requirements and in accordance with best professional and industry practice.
Assist in the development of technical security controls to support the overall cyber security infrastructure within the company.
Assist in carrying out security control reviews, business risk assessments, and reviews that follow significant breaches of security controls.
A security risk plan exists as part of the overall operational risk register and the IS departmental risk register. Risk assessments are undertaken as required and fully documented.
Ensure security audits and risk assessments are undertaken as required and results fully documented.
What are we looking for?
We are looking for a graduate or equivalent with a relevant technical degree and/or membership of a professional information / cyber security body.
3+ years' experience in information security / cyber security, with an operational business background and therefore an understanding of all business function operations.
Good business networking skills and good process definition capability.
Experienced in working with 3rd party delivery partners.
Excellent interpersonal skills, will be an effective communicator and will be fully experienced at dealing with stakeholders.
Demonstrable awareness of the uses of information security within the utility industry; will be proficient in discipline specific National and International Standards and an expert in cyber security risk management.
They will also be expert in access control systems and have a proficient knowledge of associated legislation.
Familiarity with quality management, advanced techniques for business process improvement, cloud security controls and stakeholder management.
Good knowledge of business, process and information security functions; has an awareness of current security threats and is able to translate threats and vulnerabilities into appropriate controls and mitigations within IT projects.
Experience in working with national/international standards e.g. ISO27001, ISO9001, ITIL and a change management background.
Desirable qualifications include CISSP - Certified Information Systems Security Professional (ISC2), CCNA Security (Cisco).
Thames Water information and salary details
This role is based at Clearwater Court, Reading. We are offering a salary of between £38,250.00 and £45,000.00 dependent upon skills and experience, as well as an industry-leading pension scheme.
Closing Date: The closing date for applications is 20/12/2017.