Project Assurance Lead (InfoSec) Acton Support Centre (123) 28241 | Dixons Carphone Careers

Project Assurance Lead (InfoSec)

Finance

Job Number: 28241

Location: Acton Support Centre (123)

Contract: Full Time / Permanent

Description

Dixons Carphone are going through an exciting period of transformation and change. However, the ever-changing retail market with multichannel capabilities driven by evolving technologies and interactive customer-focused applications remains an attractive target for attackers. In response, we are growing our Information Security team and looking for a Project Assurance Lead to ensure security is implemented in projects/operations and provide third-party assurance. 

The role will require a diverse background including security and risk management. It requires establishing good working relationships with different areas of the organisation, including architects, technical designers, project teams and product or service owners.

 

Project Assurance Lead responsibilities:

  • Support IT and Business transformation projects by ensuring they are risk-assessed and controls and security requirements are defined through the project lifecycle, including compliance requirements such as ISO 27001 and PCI-DSS
  • Review design and architectural design documentation and data flow diagrams and provide security requirements and input
  • Support security and risk management reporting, risk-related actions and follow-up
  • Review new and existing supplier and partner contracts and perform regular assurance activities to validate supplier security posture
  • Scope, arrange and support security testing, including penetration testing
  • Develop and embed information security processes and procedures alongside business and IT stakeholders 
  • Attend business governance meetings as required representing the Information Security team

 

Skills and Experience

Essential:

  • Good understanding of information security architecture and technical security controls;
  • Excellent analytical skills and ability to solve complex problems;
  • Excellent communication and interpersonal skills with the ability to clearly and concisely articulate information security risks to both business and technical teams;
  • Excellent stakeholder management skills;
  • Experience in Security Governance and Security Assurance;
  • Knowledge of ISF, ISO 27001, PCI-DSS;
  • Ability to manage third party security vendors and be involved in the procurement process;

 

Desired:

  • Bachelor’s or master’s degree in computer science, information technology, information security or a related field;
  • Previously worked within a large, multinational organisation; 

 

Qualifications:

  • CISSP (ISSAP, ISSEP)
  • CCSK
  • ISO 27001:2013 Lead/Implementation Auditor.