Our vision is to equip the Trust with the technology we all need to do our jobs confidently. Working collaboratively with all areas of the Trust, we focus on delivering the Trust’s priority information services at pace, meeting the needs of our people and supporters. We are continuously improving and securing Trust information services and take great pride in what we do. Our teams require subject matter expertise when it comes to Information Security and the Information Security team requires a Team Lead.

What it's like to work here

This post is contractually based at our offices in Swindon but is currently working remotely. There will be an opportunity to explore and agree remote working arrangements which strike the right balance for you and the Trust. As a guide presence in the office is required for key meetings on an ad hoc basis but is unlikely to exceed 4 days per month.

Sitting as part of our IT Assurance team you will be part of a team of 27 passionate individuals focussing on Commercial, Data Protection, InfoSec, Cyber Projects and Assurance & Risk.

We’re bigger than you think, we’re more complicated than we appear and we’re larger scale than you’d imagine. We’ve got passionate people in all our teams, and we’ve got so much more we want to achieve. We’re for ever, for everyone and we really mean that. We don’t want to stop at 5.5 million members and we want everyone to feel welcome and enjoy access to our places, so we need to reach new audiences in ways that are meaningful and relevant to them without losing the hearts and minds of those that are already with us.

What you'll be doing

As the Information Security Lead, you will be responsible for evaluating the existing Information Security activities across the Trust including those delegated to outside the IT function. You will understand the security risk that the Trust may face and what controls are needed, or in place, where vulnerabilities have been found. You will coordinate and deploy Information Security Policies and standards, maximising the potential of the Trusts security portfolio and maturity. You will oversee the implementation of security control mechanisms that are carried out by various teams. You will also work closely with Business Stakeholders and act as an advocate for good practise. You will lead a team of specialists, guide business managers, in the delivery, maintenance and training of Information Security policies and what safeguards should be deployed.

You will be responsible for the tracking of measures to mitigate Information Security risks, further expanding on our Cyber Security Maturity and Cyber Security Resilience work to help protect the Trust against Information Security threats. You will also work closely with key information security management stakeholders across the Trust and its operations, to adopt and enhance common frameworks and security governance, as well as managing the activities and practise needed to attain and maintain PCI DSS compliance. You will be expected to contribute and work in cross-functional agile teams, delivering accurate business Information Security expertise, on a regular schedule, with an emphasis on timely advice, timely intervention and risk management and continuous improvement of embedded Information Security good practise you will manage. You will coordinate and inspire the team. You will be part of the IT Extended Leadership Team, working collaboratively with other leaders in teams across IT, and an active member of relevant communities of practice across IT. You’ll work closely with the IT Senior Leadership Team to keep them informed of priorities and delivery progress.

You will be responsible for the tracking of measures to mitigate Information Security risks, further expanding on our Cyber Security Maturity and Cyber Security Resilience work to help protect the Trust against Information Security threats. You will also work closely with key information security management stakeholders across the Trust and its operations, to adopt and enhance common frameworks and security governance, as well as managing the activities and practise needed to attain and maintain PCI DSS compliance. You will be expected to contribute and work in cross-functional agile teams, delivering accurate business Information Security expertise, on a regular schedule, with an emphasis on timely advice, timely intervention and risk management and continuous improvement of embedded Information Security good practise you will manage. You will coordinate and inspire the team.

You will be part of the IT Extended Leadership Team, working collaboratively with other leaders in teams across IT, and an active member of relevant communities of practice across IT. You’ll work closely with the IT Senior Leadership Team to keep them informed of priorities and delivery progress.

Who we're looking for

• Excellent leadership and communication skills with the ability to inspire and coordinate teams, building a positive team climate applying pragmatic solutions. 
• Excellent relationship management, negotiation and influencing skills, with extensive experience of managing expectations and engagement with stakeholders at all levels in the organisation. 
• Experience of Change Management and user adoption principles and experience in an Information Security context. 
• Broad experience of programme, project and portfolio management processes and practices, where Information Security and Information Assurance is required (both traditional and agile), including governance and risk management. 
• A collaborative, self-motivated, multi-tasking, flexible and organised individual who can handle changing workloads against multiple priorities at pace. 
• Maintain, enhance and raise the profile of Information Security policies, Information Security, and Information Assurance and data privacy awareness, best practices and evolve the organisations security awareness. 
• A subject matter expert, who will provide proactive consultation advice, support and education within the Trust and be a point of contact for Information Assurance/Security matters. 
• An Information Security advocate who can demonstrate a high-level understanding of the risks of non-compliance, understands PCI and remains current with policies.
• Ensure key Information security documentation is in place and maintained internally and externally for Products and services delivered by third parties. 
• Support Incidents and breaches to ensure the impact is contained and relevant analysis is provided with lessons learned for improvement plans. 
• Identify Measures
• An individual who can create a culture of good and secure information exchange and Assurance practices.