This is a highly skilled role at BPP that must ensure BPP maintain a trusted partner, customer and in house reputation for dealing with IT security requirements. The successful candidate will need to represent BPP on all security matters and ensure a high level of proactive security processes are maintained across the business. These processes will ensure that not only security threats are identified, but that action is taken proactively to mitigate identified threats and communicate these with the clients and management team.
Our ideal candidate will
- Be the authoritative voice on security matters for BPP.
- Be conversant with modern security requirements and processes including ISO standards
- Manage the governance process for IT security across existing services & new opportunities, such as leading on threat modelling exercises and owning all security testing activities.
- Be fluent in technical security standards such as OWASP
- Continually improve upon and embed industry standard information security practices across the group
- Be aware of and conversant with the security services marketplace and developments.
- Own any security contract relationships to ensure adherence to contracts and requirements.
- Own security Policies & Processes at BPP and ensure implementation into customer operations teams.
- Ensure security incident reporting Policies and procedures are in place across the operations teams and communicated.
- Develop security Monitoring and Threat monitoring solutions.
- Ensure Processes are in place to ensure actions are taken and closed out when threats are identified, for example following a penetration test.
- Liaise with Client CSO level employees to ensure visibility of security activities and that they meet client contractual requirements and expectations.
- Ownership of the BPP security strategy & roadmap in line with emerging threats & the changing landscape of IT and Business Services.
- Ownership of client facing security structures for to include incident reporting, monitoring and client risk alerts.
- Review, assess & recommended action for operational delivery services to ensure they are following security best practice & company policies, building security in to day to day thinking and practices across delivery.
- Working closely with the BPP IT Team to continually develop the security systems and processes
- Own proactive communication of appropriate threats to staff/students on a regular basis, to ensure information security is embedded within The Group
- Establish themselves as the go to individual for all security questions relating to both client and supplier contracts
- Partner with multiple projects and initiatives to apply security architecture requirements, develop solutions, integrate security into solution designs, access risks of security gaps, and develop architecture remediation.
- Annual security testing
- Lead security initiatives and ensure their successful execution.
Department: Technology – Operations
- Significant experience in a senior IT security related role in a large multi sector environment.
- Demonstrates knowledge of IS027001, BS25777 & PCI-DSS.
- Demonstrates thought leadership in all aspects of security i.e. IAM, network, data etc
- Significant experience in information and cyber security.
- demonstrate extensive DLP experience in complex organisations
- Ability to manage and deliver projects, including development of project plans, project goals and objectives, tasks, required resources, and timelines for completion.
- Good understanding of security related technology like firewalls, WAFs, IDS/IPS systems, SIEM systems, etc. Hands-on experience in one of these domains is always a plus.
- Analytical thinking and problem solving skills with focus on results and customers.
- Overseeing and conducting risk management activities (risk assessment, gap analysis, business impact analysis, threat and vulnerability evaluations, etc.) to help BPP reach an acceptable level of risk.
- Excellent Communications skills to C level within client organisations.
- Excellent presentation skills.
- Educated to degree level with considerable professional experience gained operating at a senior level in private or public sector with a demonstrable track record of managing risk & operational security services is essential.
- Industry accepted IT Security certification e.g. CISSP. CISM or ISSMP.