Job type: Permanent

Salary: £100,000 a year


Job content

Wessex Water is committed to delivering outstanding services to our customers. Information Security plays a huge part in us achieving this. We have created a new position for a Director of Information Security to help keep our people and data secure, while also continuing to drive our security strategy forwards.

The role

You will lead the information security function for the Wessex Water Group across both IT and OT (operational technology) environments, providing technically and commercially astute advice to our Executive team.

This is a hands-on role, as you will supervise an in-house information security team and oversee an externally provided CSOC (Cyber Security Operations Centre) to deliver high quality operational and strategic advice. The remit of information security includes cyber security, physical security and business resilience.

Key aspects of this role also include:

  • overseeing both business-as-usual information security operations and transformational security change programmes
  • ensuring continued business-wide compliance with relevant assurance accreditations and regulatory obligations (for example but not limited to: ISO27001, Payment Card Industry Data Security Standard, the General Data Protection Regulation, the Data Protection Act and The Network and Information Systems (NIS) Regulations)
  • establishing and maintaining appropriate risk management controls, measures and processes to proactively identify, assess, manage, mitigate and report security related risks
  • maintaining and executing a comprehensive and measurable information security strategy, such that the integrity, confidentiality and availability of the Group’s data is maintained
  • acting as a key decision maker during information security incidents and data breaches
  • acting as liaison with key information security specific external parties and regulators, such as the NCSC (National Cyber Security Centre) and law enforcement, where required
  • embedding security by design early in IT and OT asset lifecycles and change processes
  • enabling cost optimisation and savings as part of the evolution and progression of the business
  • fostering a culture of innovation and continuous improvement that enables a high level of professional development, personal responsibility and staff retention
  • leading, coaching, mentoring and motivating others to produce outstanding results.

What do I need?

To be considered for this exciting opportunity, you will be a member of an Information Security Professional Body, such as the Institute of Information Security Professionals (or equivalent) and have at least five years’ experience managing security functions/teams.

You will also have previous experience working with industrial control system (ICS) and OT (operational technology) security in industries such as oil and gas, transport or utilities. Previous experience in CNI (critical national infrastructure) is desirable.

Alongside this, you will also be able to understand and speak the language of technical teams and translate that to the executive team with clarity and brevity.

A working knowledge of the following methodologies and standards is essential:

  • CAF (NCSC Cyber Assessment Framework)
  • The Network and Information Systems (NIS) Regulations
  • GDPR (General Data Protection Regulation) and DPA (Data Protection Act)
  • ISO27001
  • PCI DSS (payments card regulations)
  • NIST 800-30/53
  • CIS Top18 and OWASP Top10.

A number and blend of Information Security accreditations is desirable, such as MSc Information Security, CCISO (Certified Chief Information Security Officer), CISA (Certified Information Systems Auditor), CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), and others.

It is essential that you have strong people skills, are capable of communicating with senior stakeholders and are a natural people manager who inspires and develops others around you.

Benefits for you

  • Pension – up to 20% combined contribution
  • 25 days’ holiday rising to 28 with length of service.
  • Opportunity to buy and sell up to five days’ holiday
  • Private Health Insurance
  • Health benefits package
  • Life assurance (up to four times your salary)
  • Electric vehicle salary exchange
  • Flexible working
  • Cashback and discounts from over 1,200 retailers
  • Paid volunteering day
  • Enhanced family leave
  • Interactive health and wellbeing platform.
  • Support from mental health first aiders
  • £1,000 referral fee if you recommend someone to work for us

What will you get from us?

Our people tell us Wessex Water is a great place to work, and they stay with us! We are proud of how we support development and career progression. We have a wealth of both financial and non-financial benefits to offer our people and are committed to ensuring we provide an environment that supports health and wellbeing and flexible working.

We continue to promote diversity and inclusion. With that in mind, we welcome all applicants.

We are delighted to have signed the Armed Forces covenant and are a Disability Confident Employer. Applicants who declare they have a disability or have previously served with the Armed Forces, and meet the minimum requirements for the job, will automatically be invited for an interview.

Please let us know if you require any additional support or adjustments to assist you in starting your journey with Wessex Water.

If you have what it takes to join this award-winning business and want to be part of our exciting journey and share in that success, then please get in contact with us to find out more.

Sound interesting? Please click APPLY to progress to the next step.


Deadline: 16-07-2024
