Confidential

Role Profile

Role title: Security Support Analyst
Version number:
Reports to: Information Security and Risk Manager
Function: IT Security and Risk
Band/Grade: GGS11
Location: Bristol / Hatfield

Organisation structure & department profile: Department is responsible for Information Security, PCI/DSS and Data Governance across the whole company and Risk Management within IT.

Created by:    Director:    Date: 15/3/11
HR Partner:    Date:

Role purpose: This role's primary purpose is to provide Information Security, IT compliance and Risk Management support within the IT function and to the business.
Key Responsibilities & Accountabilities (in priority order):
• Provide support and expertise for Information Security & compliance to standards and audits such as SOX, PCI/DSS and ISO27001.
• Provide Risk Management analysis and support to the business, ensuring risks are appropriately identified by working with the directors and their teams, documented and where required escalated through management.
• Provide management reporting on information security risk management and compliance.
Key Challenges (in priority order):
• Developing and gaining acceptance for Risk Management within the companies.
• Understanding and articulating what is a Risk vs what is an Issue and identifying the key risks that need addressing.
• Supporting the business in being in the best position to ensure compliance to the security requirements of SOX, PCI/DSS and ISO27001.
• Keeping abreast of the ever-changing threat landscape and ensuring Everything Everywhere has the appropriate security toolsets to mitigate these risks.
People Management: Manages people? No
If yes, direct or virtual (project)?
Responsible for:
allocation of work (task based) yes / no
setting direction (objective based) yes / no
performance management yes / no
recruitment yes / no
absence management yes / no
No of direct reports: 0
Overall team size (headcount): 0

(Name) Page 1 Draft



Other People Mgt comments:
Financial: Cost centre manager yes / no
OPEX responsibility £ tbc direct / indirect / n/a
CAPEX responsibility £ tbc direct / indirect / n/a
P&L responsibility £ nil direct / indirect / n/a
Other Financial Impact comments:
Key Relationships (level, nature & purpose):
within own directorate:
• Director/Heads of
influencing, negotiating and supporting
Assisting to identify, assess and mitigate risks within the function.
Providing a risk and compliance management centre of excellence

across other directorates:
• Internal Audit and Compliance Management
• Risk Committee
• Business areas

external suppliers:

external customers:

Other key relationship comments:

Critical Knowledge & Experience (non time related):

professional / technical
(professional qualifications or equivalent; technical skills)
must have:
• Knowledge and practical experience in all aspects of Information and IT Security
• Knowledge and understanding of Risk and Compliance management.
• Experience in the range of security offerings and their application to the Telecommunications Industry.
nice to have:
• ISEB Certificate in Information Security Management Principles
• ISEB Practitioner Certificate in Information Risk Management

business / context
(internal company knowledge (policies; procedures; strategies); industry background; knowledge of external market)
must have:
• Commercial awareness and the ability to apply it.
• Knowledge of roadmap development and project delivery
• Good understanding of company strategy
nice to have:
• Strong understanding of the Telecommunications industry

Core Competencies:
• Customer Focus (2)
• Teamwork and Cooperation (2)
• Initiative and Proactivity (2)
• Concern for accuracy (2)

Any other comments:

Other IT security experts might get a little envious if you join us at Everything Everywhere. You see,
we’re the company behind Orange and T-Mobile. And with 28 million customers using what’s now the
UK’s largest mobile network, you don’t need to be an expert to see we’ve one of the most complex
Information Security challenges around. Pinpoint and mitigate our risks, and you’ll be considered one of
the best in the field.

You’ll need to be a real expert on information and IT security to take on this job. And while the audits and
standards, such as SOX and PCI/DSS, will highlight your successes, this is as much about being a
champion for security. The better you can explain what a risk is compared to an issue, and what that
means for the business, the quicker you’ll see results.

Of course, it’d help to have a background in telecoms. But so long as you’re used to enhancing roadmap
developments and projects in general as well as identification of risk and driving security improvement of
IT and business processes, you’ll fit in perfectly.

Additional Intranet Text

For further information on this role please refer to attached job description or contact Peter Sinden
directly.

