Wood is currently recruiting a Business Information Security Manager who will be accountable to the Business Information Security Officer for the implementation and operational management of Information Security Operations and associated controls across Wood. This individual will manage and maintain the organization's cyber security systems and infrastructure and protects the organization's IT systems and computer networks against cyber attacks, intrusions, malware and various types of data breaches. This role can be based anywhere in the UK, as we work on a hybrid/remote working basis.
Key Accountabilities and Responsibilities:
Information Security Operations
- Responsible for managing global Information Security Operations through an outsourced IT delivery model
- Define business impact of security incidents and identify and drive recommendations for change to prevent similar incidents
- As subject matter expert on the team/function and beyond, maintain understanding of current technology, database management, programming practices, and future trends through ongoing education, conference attendance and industry press
- Responsible for the day to day running of security including ensuring relevant SLAs for Information Security are met or exceeded
- Provide regular and timely reporting on the Information Security status globally
- Provide escalation path for Information Security issues, incidents, and enquiries
- Continuously improve the Incident Response process including the handling of all Information Security incidents in combination with the outsourced delivery partner
- Collect and act upon diverse threat intelligence to enhance Wood’s Information Security protection
- Champion Information Security throughout the business and serve as a focal point for business enquiries
- Develop a solid Information Security foundation based on a continuous improvement cycle with equal weighting placed on People, Process, and Technology
- Responsible for information security operations delivery and baseline compliance of infrastructure (including monitoring, reporting and assurance) through IT service partner. This includes security controls of servers, desktops, laptops, networks, wireless, security appliances, and email. Regular service compliance reporting will be monitored with agreed KPIs and KRIs
- Optimise technical controls to ensure efficient protection of Wood Information assets and infrastructure
- Accountable for assisting in law enforcement relationships for threat intelligence including that of the United States Department of Homeland Security, Police Scotland, US FBI (Infragard), UK Cyber Emergency response team (UK-CERT) and UK CPNI (Centre for Protection of National Infrastructure)
- Proactive identification and remediation of vulnerabilities across all IT platforms
Business Information Security Management
- Provide support to key business initiatives by developing and disseminating threat-related intelligence and guidance on security and resiliency policies and standards
- Act as the trusted advisor to the Business, providing required clarifications and support with pre and post sales activities (e.g. explain Wood Information Security program, support external audits, client request response)
- Develop and enhance Wood Information Security posture and maturity levels whilst ensuring they remain aligned with business objectives and goals
- Assist with merger and acquisition due diligence, as needed, for Information Security risks and control alignment
- Ensure Information Security is viewed as a business enabler
Cyber Security Manager Specific
- Develop policies, procedures, and related guidelines for an important area of responsibility within a function, ensuring compliance with external requirements and integration with the broader functional policy framework
- Ensure that business activities within the area of responsibility comply with relevant external regulatory and/or voluntary codes and with internal policies and procedures to minimize business risk and to protect the reputation of the organization
