Travel & Logistics Firm require an Interim CISO to join the organisation on an initial 3-6 month contract to develop, implement, and maintain a strategy to ensure the companies information assets are adequately protected, any legal and regulatory obligations relating to our information, including data protection is provided for and related risks are identified and managed.
The role will report directly into the CIO and a key part of this role will revolve around senior stakeholder communication up to board level.
The role will require 2 days a week in the office, 3 remote.
The Interim CISO will need the following experience:
- Owned a Cyber Security Function for a global and federated organisation
- Worked with other internal senior stakeholders, and under the direction of the Management Board and Group CIO
- Develop an effective understanding of the businesses direction, strategies and priorities, opportunities and operational challenges
- Design, implement, and maintain the firms Information Security and Data Protection Strategy, standards, methods and policies across the group, aligned to the overall business and strategies.
- Develop business understanding and classification of high value / business critical information assets and plan their protection
- Ensure that the Group implements compliant and consistent security and data protection standards across the solutions and services it delivers into the organisation
- Assess the security implications and compliance levels of the companies partners and suppliers at a group level, and provide specialist input as needed divisionally
- Build strong relationships within the business and across the technology organisation to develop the understanding of information security related business risks.
- Work with business leadership teams to assess and identify the potential security and privacy risks that may hinder the reputation, safety, operational, legal, regulatory, and financial prosperity of the companies
- Design and deliver a first class and proportionate Group Information Security function that is aligned to the business operating model.
- Define and oversee a security and data protection transformation programme, consulting with leadership to build a shared understanding of risk and objectives, design a new security architecture, and over time define the operational organisation required to maintain the approach
- Institute on-going risk assessment, strategic planning, implementation, communication, training and awareness activities
- Manage the provision of security awareness training to the business on their roles and responsibilities towards managing the companies information security and privacy risks
- Provide for cyber-resilience to include specialist support in the event of cyber-incidents
- Provide business advice in audit activities, ensuring compliance whilst playing a supportive role in ensuring businesses are well prepared for audit activities
- Support the companies move towards cloud-based solutions without compromising security
If interested, please do not hesitate to contact Molly.Lamb@lafosse.com