Director of Security Compliance, Risk & Resilience

Job Description

About the DCC At the Data Communications Company, we believe in making Britain more connected, so we can all lead smarter, greener lives. Weve built the secure infrastructure thats supporting the mass roll-out of smart meters across the country. Our universal, secure networkwill be in 30 million homes and small businesses, making it the largest network in Britain. So its a truly exciting time to join us. Youll be part of a team thats supporting the countrys transition to a low-carbon economy, and helping to ensure an affordable,secure, and sustainable energy supply for the future. Operating independently of its parent company, Capita plc*, the DCC is a Disability Confident Committed Employer. Were directed by the Department for Business and regulated by OFGEM. We collaborate with the Government and leading telco and utility industryservice providers to help protect consumers and give them better energy choices. A finalist in the Top Workplace Awards in 2018, we reward professionals who thrive in an environment of change and innovation. Watch this about DCC video and if it ignites yourinterest, apply below. This role forms a key part of the security leadership team reporting directly to the CISO. The Director of Security Compliance, Risk & Resilience will As Director of Security Compliance, Risk & Resilience you will create, execute, and maintain an integrated security compliance programme that ensures Britains digital energy system is operating to our minimum agreed security standards and baselines As Director of Security Compliance, Risk & Resilience you will create and execute a business resilience programme that ensures that the DCC can confidently and efficiently respond to major global events, technology outages and loss of key personnel or premises As Director of Security Compliance, Risk & Resilience you will create and lead a world class crisis management process that ensures that any significant event that meets our crisis threshold is expertly lead and executed with exceptional precision You will take the lead on ensuring the supplier community and wider end to end supply chain and are performing to the required security and resilience standards You will work across the business internally and with our service providers externally to identify, collate and communicate security risk to the Exco. Developing a clear view of how they may impact the digital energy system and what mitigations should be putin place Ensure that all security compliance requirements under the terms of the DCC License are attained both within the DCC Enterprise and across the service provider community Lead the Business Continuity programme across the DCC Lead the Crisis Management programme across the DCC Carry out a continuous review of the compliance regime that maps the minimum-security standards and baselines that all parties should adhere to. Work with the Information Security Director and Security Architecture Director to ensure our baselines adequately protect the end-to-end security of the digital energy system Robustly manage instances of non-compliance that are detected through internal or 3rd party audits Define and carry out an internal audit schedule in line with the master compliance programme report on the state of security compliance across the different parts of the digital energy system through the development of a reporting and MI dashboard Work in conjunction with the Information Security Director to manage the relationships with Senior Security representatives from the service providers, BEIS and GCHQ Create, maintain, and run the security governance programme that underpins the security of the digital energy system Direct the day-to-day activities of the Security GRRC team Manging day-to-day security stakeholder relationships with SSC, NCSC, BEIS, OFGEM and any other interested parties related to the DCC official business Seek external input to ensure that DCC is aware of and is applying industry security best-practice Oversee and direct the GRRC team to meet Functional objectives and regulatory obligations Develop and mentor team members ensuring skills and expertise and security knowledge is adequate, shared and well understood avoiding any single point of failure What were looking forAt least 5 years of experience in a Security compliance role in a large Technology organisation At least 5 years experience leading Crisis Management in a large and complex organisation Knowledge of ISO 22301 / 27001 Experience of working with and implementing complex security test initiatives such as C-Best / T-Best or industry equivalent Experience of managing highly skilled security teams Demonstrable experience in information risk management Demonstrable experience in implementing effective business continuity programmes in tech organisations Had regular exposure to board level stakeholders and bodies such as regulators and/or government departments and at a senior level Good communication skills both face to face and via written media Ability to be cleared to HMG SC clearance levelSkills and Experiences Desirable Familiarity with the NIST Cybersecurity Framework is beneficial A certification such as CISM/CISSP/M.Inst.ISP or a relevant university degree Audit qualifications desirable Whats in it for you Become part of our team at DCC and youll find an inclusive culture which prizes mutual respect, innovation and high performance. It all adds up to make DCC a great place to work. Hard work deserves great benefits, and we offer our colleagues a range of reasonsto enjoy their time at DCC: Bonus scheme Pension Private medical insurance Car allowance Extensive personal development and training opportunities Hybrid workingMany of our people work 1 to 3 days in the office.. Flexible holidaysincrease your standard 25 days by purchasing extra days. Dental plan. Cycle to work scheme Childcare vouchers Headspace free membershipa popular mindfulness app. Season ticket travel loan Charity days Retail discounts. Discounted gym membership RAC discount Income protection scheme Next Steps Please contact Catia Pereira [] should you have any questions youd like to ask before applying; or Choose Apply now to complete our short application, so that we can find out more about you. Your application to [10077388] will be carefully considered, and you will hear from us regarding its progress. Capita Opportunity Statement The parent company, Capita Plc*, are a leading UK provider of technology enabled business services. Were supporting and improving the lives of millions of people every day and we can only do this with the right people in place, working towards a shared goal.We encourage an ope