Persimmon Plc is looking to recruit a Head of Information Security, who will report to our CFO and be based at our head office in York.
Persimmon is a FTSE 100 listed housebuilder and one of the largest developers of mainstream housing in the UK. Established in 1972, it operates nationally through a network of 31 regional housebuilding businesses in addition to 2 strategic manufacturing facilities.
As Head of Information Security your key responsibilities will include:
- Building strong relationships throughout the Persimmon senior leadership team and the Business.
- Developing a security strategy and roadmap for delivering security improvements – both technical and non-technical.
- Defining and delivering communications and training plans for security across Persimmon, including our FibreNest business.
- Defining the ISO27001 project and ISMS requirements.
- Managing and defining controls for 3rd party vendor risks.
- IT resilience and back-up, managing security incidents and managing and updating security response plans.
- Creating business cases to justify further investment in information and cyber security initiatives.
- Implementing, managing, updating and acting in accordance with Persimmon’s Information Security and information governance Policies.
- Identifying changing threat models and vulnerabilities and implementing appropriate risk-based responses.
- Ensuring Information Security and Cyber risks are captured, managed and are aligned with Persimmon guidelines.
- Undertaking and reporting on regular information security audit/access control checks as required.
- Responsibility for risk and compliance assessments, including penetration tests and approaches which will then inform a robust risk mitigation plan.
- Being an advocate for Information Security and information governance in the business, with staff, customers and 3rd parties promoting awareness and training sessions.
Skills & Experience
- Demonstrated experience in a similar role, within a dynamic and complex InfoSecurity environment.
- Hands-on implementation experience and capability to assist in the design, development and delivery of key InfoSec infrastructure programmes.
- Strong knowledge of data protection regulations and technologies, such as ISO/IEC 27001/2, NIST.
- Strong knowledge of telecoms security regulations and technologies, such as the Communications Act 2003.
- Security certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or similar are desirable.
- Track record in establishing/managing Information Security and Information Governance in a regulated environment.
- At least six years’ experience operating at a senior level in the private and/or public sector with a demonstrable track record of managing security services, Information Governance and operational risk.
- Experience operating at a senior level in the telecoms sector with a demonstrable track record of managing security services, Information Governance and operational risk.
- Able to assimilate business information quickly and translate that into effective IT plans.
- Ability to effectively prioritise and execute tasks across multiple stakeholders.
- Track record in working with third party vendors to deliver software supply, support and solutions.
- Strong leadership skills and able to shape the team to maximise delivery and develop potential.
- Highly security & Information Governance literate, with strong Strategic, Policy & Planning skills.
- Experience with business continuity planning, auditing and risk management.
- Commercially aware with exposure in contracting & financial management.
- Must have a solid understanding of information technology, information security and Information Governance. Physical security knowledge a bonus.
- Background and understanding of regulatory environments is an advantage, but is not a prerequisite.
- Strong technical knowledge of end-to-end provision of IT services. While specific technical knowledge is not required, ability to see the end-to-end customer journey and understand the technical interlinking of components (including in-life service) is necessary.
- Experience in project oversight & delivering information/IT security projects.
- 25 days holiday rising with service + 8 bank holidays
- Annual salary reviews (July)
- Discretionary bonus payments
- Pension scheme – defined contribution
- Free life insurance (linked to pension contributions)
- Free parking
- Discount Shopping portal
- Home purchase discount scheme
- Share scheme
Offers of employment are subject to a satisfactory background check, e.g. employment history and criminal record check. These background checks are job specific to certain vacancies within Persimmon.