Business Information Security Manager

Requisition ID
Work Location
Additional Work Locations
Department / Discipline
Information Technology
Position Type
Staff / Permanent

Overview / Responsibilities

Wood is currently recruiting a Business Information Security Manager who will be accountable to the Business Information Security Officer for the implementation and operational management of Information Security Operations and associated controls across Wood. This individual will manage and maintain the organization's cyber security systems and infrastructure and protects the organization's IT systems and computer networks against cyber attacks, intrusions, malware and various types of data breaches. This role can be based anywhere in the UK, as we work on a hybrid/remote working basis.


Key Accountabilities and Responsibilities:


Information Security Operations


  • Responsible for managing global Information Security Operations through an outsourced IT delivery model
  • Define business impact of security incidents and identify and drive recommendations for change to prevent similar incidents
  • As subject matter expert on the team/function and beyond, maintain understanding of current technology, database management, programming practices, and future trends through ongoing education, conference attendance and industry press
  • Responsible for the day to day running of security including ensuring relevant SLAs for Information Security are met or exceeded
  • Provide regular and timely reporting on the Information Security status globally
  • Provide escalation path for Information Security issues, incidents, and enquiries
  • Continuously improve the Incident Response process including the handling of all Information Security incidents in combination with the outsourced delivery partner
  • Collect and act upon diverse threat intelligence to enhance Wood’s Information Security protection
  • Champion Information Security throughout the business and serve as a focal point for business enquiries
  • Develop a solid Information Security foundation based on a continuous improvement cycle with equal weighting placed on People, Process, and Technology
  • Responsible for information security operations delivery and baseline compliance of infrastructure (including monitoring, reporting and assurance) through IT service partner.  This includes security controls of servers, desktops, laptops, networks, wireless, security appliances, and email.  Regular service compliance reporting will be monitored with agreed KPIs and KRIs
  • Optimise technical controls to ensure efficient protection of Wood Information assets and infrastructure
  • Accountable for assisting in law enforcement relationships for threat intelligence including that of the United States Department of Homeland Security, Police Scotland, US FBI (Infragard), UK Cyber Emergency response team (UK-CERT) and UK CPNI (Centre for Protection of National Infrastructure)
  • Proactive identification and remediation of vulnerabilities across all IT platforms


Business Information Security Management

  • Provide support to key business initiatives by developing and disseminating threat-related intelligence and guidance on security and resiliency policies and standards
  • Act as the trusted advisor to the Business, providing required clarifications and support with pre and post sales activities (e.g. explain Wood Information Security program, support external audits, client request response)
  • Develop and enhance Wood Information Security posture and maturity levels whilst ensuring they remain aligned with business objectives and goals
  • Assist with merger and acquisition due diligence, as needed, for Information Security risks and control alignment
  • Ensure Information Security is viewed as a business enabler


Cyber Security Manager Specific

  • Develop policies, procedures, and related guidelines for an important area of responsibility within a function, ensuring compliance with external requirements and integration with the broader functional policy framework
  • Ensure that business activities within the area of responsibility comply with relevant external regulatory and/or voluntary codes and with internal policies and procedures to minimize business risk and to protect the reputation of the organization

Skills / Qualifications


  • Good level of experience in a related role
  • Degree in related business or equivalent years’ experience
  • Recognised Information Security qualification (e.g. CISSP, CISM, etc) or equivalent knowledge
  • Technical certification in relevant Information Security controls (e.g. CCNA Security, Palo Alto ACE, etc) or equivalent knowledge


Knowledge, skills and experience:

  • Strong familiarity with governance and controls frameworks, such as COBIT, COSO, ITIL, ISO, CEP and NIST
  • Broad knowledge of IT, Information Security, Cloud, and emerging trends
  • Detailed technical knowledge of Information Security operational controls
  • A sound understanding of security best practice and relevant international standards
  • Experience in Information Security Operations
  • Experience of dealings with third party regulators
  • Experience of working with risk management methodologies and frameworks

Company Overview

Wood is a global leader in consulting and engineering, helping to unlock solutions to critical challenges in energy and materials markets. We provide consulting, projects and operations solutions in 60 countries, employing around 35,000 people.

Diversity Statement

We are an equal opportunity employer that recognises the value of a diverse workforce. All suitably qualified applicants will receive consideration for employment on the basis of objective criteria and without regard to the following (which is a non-exhaustive list): race, colour, age, religion, gender, national origin, disability, sexual orientation, gender identity, protected veteran status, or other characteristics in accordance with the relevant governing laws.


Join the Talent Community

Interested in working for Wood? Take the first step today by joining our talent community. By joining the community, your chances of matching to the right role are increased, as our recruiters search the community daily to match open positions with member profiles.

If you can’t see the perfect role advertised online, the talent community is the best way to keep up to date with job opportunities and events relevant to you.

Click here to join today!