Marks and Spencer

Business Information Security Officer - (BISO)

  • Nottinghamshire, United Kingdom
  • Marketing

Job description

The Business Information Security Manager performs a critical role in the maintenance and implementation of security within M&S. A senior role reporting to the Head BISO, the DotCom and Data BISO is creative and innovative, capable of thought leadership, and able to build strong and long-lasting relationships with key stakeholders throughout the business. The primary business area for the DotCom and Data BISO will be supporting the Business in two critical areas: firstly the M&S eCommerce portfolio, including the M&S website, and secondly the implementation of the Data Strategy within M&S. Managing complex relationships, issues and ambiguity, and dealing with diverse business and technical drivers, the BISO must maintain objectivity and be able to take decisions quickly. As security is another risk that senior management and the board have to assess, being able to understand the balance between the needs of the business in creating value and the driver to manage security risk to an acceptable level is key to the role.

The role has been created to ensure Cyber Security’s alignment to, engagement with and guidance for the DotCom and Data Business, to ensure that senior M&S stakeholders have appropriate visibility of their information security risk posture, and to ensure appropriate challenge of M&S Businesses when their risk appetites are breached. The BISO maintains a corporate-wide information security management programme to ensure the protection of M&S information assets. Reports are provided by the BISO to enable M&S to meet its internal and statutory reporting requirements and to assist the business in understanding its overall risk exposure. A visionary leader with sound knowledge of business management and a working knowledge of information security technologies, the DotCom and Data BISO is a driver of business change and security improvement. Taking business change management beyond simple communication messages, the BISO achieves employee engagement on security best practice. Working cross-functionally, the role will require the ability to formulate clear recommendations, drive governance strategies, and influence Business, Quality and Technology stakeholders at all levels. The role leverages competencies from the CISO’s key functional areas: Risk & Compliance Management, Security Assurance, Security Architecture, and Security Operations.

Impact on Business

• Execution – To ensure key programmes are met within given functional expectations and that programme success is driven as a result of risk mitigation activity.

• Risk Management - To work jointly with M&S Businesses to establish and develop a consistent, pragmatic and effective approach to cyber security risk primarily for DotCom and M&S Data. Provide subject matter expertise in achieving the right risk and control based balance for the business.

• Governance – Ensure participation in the appropriate Risk and Governance committees led by the M&S accountable executive.

• Transparency – Support the delivery and development of security process and risk management for Cyber Security.

Business Customers / Stakeholders

• Functional Relationship Management – Develop and maintain positive and professional working relationships with M&S Business and Technology Stakeholders, and other senior managers within M&S. Manage conflicts and the competing priorities of multiple stakeholders.

• Information Security Guidance – Provide subject matter advice, guidance and counsel to senior executives in order to attain their support, commitment and agreement, and be responsible and accountable for driving forward a security programme of work for M&S.

• Communication – Communicate to M&S Businesses, Technology and senior executives their security responsibility to ensure programme success.

• Transparency – Working across M&S organisational teams to ensure commonality of understanding and objectives such that the teams are focused on delivering against security requirements and within their risk appetite.

Leadership & Teamwork

• Leadership – To provide a level of accountability in driving towards a common global delivery of services to M&S Businesses with the support of the Cyber Security organisation. To create a collaborative bridge between M&S Businesses and the rest of Cyber Security.

• Accountability – Make ownership and responsibility clear at all stages of key activities.

Business Engagement and Risk Management

• Engagement – To assist in the development, rollout and propagation of a consistent Business-facing engagement model that allows Cyber Security as a function to:

  • Have a single, consistent, business-aligned risk model and framework for DotCom and Data
  • Drive efficiency and practical implementation of Information and Cyber Security and Risk processes
  • Establish and maintain effective cross-channel communication with the Business
  • Be the focal point for the Business portfolios

• Monitor the external threat environment for emerging threats with the SOC and advise relevant stakeholders on the appropriate courses of action.

• Manage security incidents and events to protect M&S critical assets, including intellectual property, regulated data, customer data and the company's reputation.

Business Support

• Provide on-going support for Strategic Programmes, projects and related BAU activity to ensure risks are managed consistently and to the highest standards.

• Provide strategic risk guidance for DotCom IT projects, including the evaluation and recommendation of technical controls.

• Provide coordination with the M&S Enterprise Architecture teams to ensure alignment between the security architects and enterprise architectures, thus coordinating the strategic planning implicit in these architectures for the Business.

• Understand and interact with related disciplines through committees to ensure the consistent application of policies and standards across technology and data projects, systems and services, including, but not limited to, privacy, risk management, compliance and business continuity management.

Reporting

Provide regular reporting on the current status of the business portfolio programmes to enterprise risk teams, senior business leaders and the board of directors as part of a strategic enterprise risk management program.

Role Context

• The role holder will work with the M&S BISO Head and the respective Heads of Cyber Security.

• Working directly with, and establishing relationships with, relevant M&S Business and Technology Leadership teams.

• Liaise with the Audit, Legal and HR management teams as required.

Management of Risk

• The management of risk will be consistent and in line with M&S Policies, Standards and Guidelines, including all relevant processes and procedures, and will focus on achieving the highest global standards.

• The jobholder will take a leadership role in reducing information risk across all areas of their responsibility and M&S as a whole, to enable the business to achieve success.

Additional Responsibilities

• Perform related duties and fulfil responsibilities as required.

Key Skills

• Risk Management – Have expert-level and extensive Information Security Risk and Information Risk Management knowledge to face off appropriately to the different Leadership stakeholders and to external parties. Understanding of the Fraud and Risk characteristics of key businesses.

• Strategy / Vision - Be able to define and implement a vision and strategy for risk capability across M&S Businesses and communicate to key stakeholders and get their buy-in.

• Engagement & Influence – Have significant gravitas that will be obvious to all parts of M&S, enabling face-off with senior Business and Technology managers and stakeholders in order to win their confidence and help influence their decisions. Must be able to engage with senior business leaders and board-level management.

• M&S Knowledge – A detailed understanding of M&S and how it works including people, process and technology.

• Technology Knowledge – Good level of understanding of diverse technology including infrastructure, network and applications. Experience in large enterprise systems development lifecycle. Good level of understanding of fundamental information security controls, principles and technology.

• Change Delivery - A very strong change delivery track record in large global organisations.

• Communication - Have excellent communication & engagement skills to be able to build relationships with key internal & external stakeholders and be able to sell a strategy and vision.

• Style - A change agent who is not afraid to change the status quo in order to drive M&S strategy with the discipline to recognize when existing people, process and technology can fulfill business needs.

• Academics – Minimum BA or BSc university degree in a relevant field. Postgraduate degree in a relevant field a plus (MSc, MBA or PhD).
