Aim of the role
This role is part of the A.S. Watson Group IT Security function. Its main responsibility is supporting A.S. Watson Group (Europe) companies in the UK (Superdrug, The Perfume Shop and Savers), and it is accountable for ensuring that these businesses are aligned to the Group IT Security Data Privacy & Security Strategy.
The role is responsible for corporate compliance activities including, but not limited to, the development, improvement, planning and execution of compliance testing, controls assessment and documentation. This role will also be accountable for delivery of security compliance for systems (whether on-premises or hosted by third-party cloud solution providers) in line with the requirements identified in the Group Data Privacy & IT Security Strategy.
This role will report to the Group Head of Data Privacy & IT Security and work closely with the UK IT Team and other local stakeholders.
- SECURITY & COMPLIANCE: Leads all security and compliance matters including but not limited to implementation of new security tools, secure by design process, ISF Standard of Good Practice 2016 controls, GDPR, SYNERGI GRC Tool and Internal / External Auditor engagements.
- AUDIT: Acts as the principal contact for all IT security auditors and ensures audit summaries and reports are produced and reviewed with recommendations for remediation and improvement.
- ASSESSMENT: Supports the execution of general data privacy assessment processes (including third-party assessments), internal control reviews and risk assessments to monitor compliance with information security policies and standards.
- STANDARDS: Supports the review, design and implementation of IT security standards and embeds them across the business.
- INCIDENT RESPONSE: Develops and maintains local Security Incident Response Procedures and Data Breach Guidelines and is the principal contact available for consultation on potential security incidents, taking a leadership role in emergency security situations.
- SECURITY OPERATIONS CENTRE: Supports with remediation and solution design related to vulnerability scanning, pen testing of critical assets and works closely with the managed Security Operations Centre to design security monitoring and remediation plans.
- EXPERTISE & INFLUENCE: Provides security subject matter expertise on projects undertaken by UK businesses. Acts as advisor on all business security policy, security strategy and risk management issues.
- TRAINING: Provides training, instruction and guidance to the team, IT Associates and other staff members where appropriate. Supports the execution of the local Security Awareness Program and the development and review of training materials.
Skills & Experience required
- Minimum of five years in similar IT compliance or security role
- Accreditation in CISA, CISM, CGEIT, CISSP or COBIT disciplines is desirable
- Experience with supporting the implementation of IT security strategy and GDPR
- Experience with implementing Governance, Risk and Compliance solutions
- Technical knowledge of relevant security tools and processes
- Excellent communication skills, both written and verbal
- Exceptional interpersonal skills and the ability to work across the organisation at all levels
- Has a positive attitude to developing professional knowledge, expertise and personal skills that lead to increased effectiveness and career progression