Full-Time CISO - Chief Information Security Officer

Chief Information Security Officer

The role of CISO will be focused on ensuring that the UK&I business is managing its security services and developing policies and practices that will protect the business-critical data.

In addition to the proactive protection of our systems, the CISO will also be involved in preparedness for and leading within any cyber security breaches within the organization, working hand in hand with our data protection officer and compliance teams to ensure the impact of any attack is managed.

This role needs to maintain an understanding of, and respond to, market dynamics, articulating these along with any competitive intelligence back into the organization to help with product development as well as improving our internal security posture.

A key aspect will be the drive of security culture, not just across the organization, but also the culture of the security teams themselves. This role needs to be an enabler for risk-informed business growth.

The CISO will be a pivotal insight across corporate and industry engagement, client delivery and internal systems, services and behaviours.

Location: Home-based with travel. Candidate must be UK-based with expected to travel to various UK sites

Key Responsibilities:

• Develop, implement and monitor a strategic, comprehensive enterprise information security and IT risk management program for the UK&I organization
• Provide in-depth security and risk reporting, demonstrating a clear ROI against security investments
• Work directly with the business units to facilitate risk assessment and risk management processes
• Develop and enhance an information security management framework
• Understand and interact with related disciplines through committees to ensure the development and consistent application of policies and standards across all technology projects, systems and services
• Act within the design assurance process, ensuring resilience is built by default
• Provide leadership to the enterprise's information security organization
• Partner with business stakeholders across the company to raise awareness of risk management concerns
• Act as Telefonica Tech UK&I representative into key industry and regulatory bodies, such as the National Cyber Security Centre and ICO
• Develop and present security performance metrics, driving awareness of maturity and security posture
• Develop a culture of consistent and effective security awareness, being the embodiment of that culture
• Lead on the execution of incident response plans, including regular testing and improvement plans
• Assist with the overall business technology planning, providing a current knowledge and future vision of technology and systems
• Drive the integration into the wider Telefónica security policies and procedures
• Deliver quantifiable security risk insights into the UK management board, informing risk decisions
• Work with the Cyber security customer-focused teams to help develop security products and services
• Promote thought leadership through marketing channels to the industry to raise Telefónica’s security visibility and presence in the market

What is the last date for applying to the job?

Which countries are accepted for this remote job?