IT Business Information Security Officer

**Purpose of role**:
Accountable for IT Security for Inchcape UK Retail Business, the individual will act as focal point for all Information and IT Security related needs for the UK. The role will span across policy through to operational security disciplines and work in conjunction with UK Service Delivery, Legal, Compliance, Audit and Risk teams. Regular liaison with other Inchcape Regional/Global IT Security and Service Delivery Teams also a key aspect of role

**Job role and responsibilities**:

- Manage and develop UK IT Security policies and operational practices to ensure fit for purpose policies, standards, and operational disciplines.
- Audit, review and reporting of IT security related assessments of current and prospect suppliers and supplier platforms. This includes ongoing penetration testing and scanning of supplier and Inchcape internal platforms and services.
- Management and communication of IT Security/Cyber training, awareness, and phishing testing within Inchcape UK. In liaison with HR Training and Development and Group IT Security/CISO office, ongoing development of IT Security/Cyber training material as appropriate.
- Link to wider functions for Compliance, PCI-DSS, Legal, Document Management/Authority, Audit. Specific responsibility for management and completion of PCI-DSS attestations and IT elements of Business Continuity Plans (and associated Disaster Recovery elements of BC plans).
- Manage the overall IT security process improvement pipeline and any specific security related projects around these, ensuring strong stakeholder engagement and communications.
- Provide advisory leadership to UK business units for the implementation of the Information Security policy, procedures, and standards throughout their business.
- Direct the risk assessment and security engineering completeness of any exceptions to standard baselines or policy
- Perform first line assessment/approvals of security requests from Business Group Programs and personnel
- Proactively identify information security deficiencies or opportunities for improvement to better enable business security. Lead the development of pragmatic solutions across Information Security.
- Provide communication or escalation path for information security issues identified by Information Security or the business themselves.
- Provide regular, timely reporting on the information security status across the supported business units.
- Support acquisition due diligence for information security risks and support control design for integration.
- Co-ordinate routine security scanning and penetration testing disciplines and co-ordinate internal teams and suppliers in any remediation requirements arising from these
- Manage operational IT Risk register and actions/risk mitigation measures identified within IT Risk Register
- Participate in reporting requirements, monthly/quarterly status meetings and offsite as appropriate.
- Assist the business in managing and preventing cyber incidents and providing incident coordination as required.
- Provide strategic inputs regarding overall Security posture improvement

**Skills and experience required**:
Customer Focus
- Excellent stakeholder engagement skills to ensure developments meet business needs
- Strong written and oral communication skills to ensure delivery outcomes are clear
- A promoter and role model in the importance of quality by using Inchcape’s customer journey
- Uses every contact with internal customers to build sustainable relationships, an ambassador for IT

Operational Focus/Experience
- 5 years + experience in IT Security related disciplines
- One of more of CISSP, CISA or CISM accreditation highly desirable
- Well versed with processes such as Penetration Testing, Vulnerability Assessment, Patching etc.
- Well versed with Disaster Recovery plans, processes and practical tests/execution and security implications
- Knowledge of applicability of next generation security products such as NGAV, AIP, CASB, Cloud Native security tools, Next Generation Firewalls etc.
- Understanding of Container Security and CI/CD pipelines.
- Always ensures compliance with relevant IT policies and standards
- Ability to assimilate reports effectively and to use the data to inform and shape operational practices
- Co-ordinate IT security activities through impactful meetings, effective reporting lines and reviews
- Own and develop IT security development plan and supporting actions

Business Focus
- Works well with the Inchcape UK brands and management to ensure IT Security meets the needs of the brands
- Monitoring trends that improve IT security capabilities and general posture
- Will always be an advocate for the IT function as a valued partner to the wider Inchcape businesses

People Focus
- Skilled at creating an environment in which your team can thrive and self-actualize in
- Participate and contribute to team briefs, reviews and employee engagement practices
- Experienced and comfortable in Perform