Senior Information Security Officer

Overview

People. Passion. Pride. This is what has driven our teams since 1833.

Since that time, we have developed to become a critical partner in the global aviation industry, delivering time-critical logistics services at over 340 locations in 65 countries, across 6 continents.

But at the heart of our business is our people.

Role Purpose

This role has the responsibility to deliver continuous improvement of cyber security controls globally. It involves working with team members around the globe to implementing controls to comply with policies, standards, contractual and regulatory obligations.

What you will be doing

• Continuous improvement of Menzies overall operational cyber security posture by:
  • Oversight of the Vulnerability Management Programme. Liaising with suppliers and managing the service, reporting on the effectiveness and managing change as required to deliver on objectives.
  • Scoping and managing the annual external testing of cyber security controls. Report the findings to the relevant stakeholders and manage the mitigation actions.
  • Leading the Security Operations Analysts to manage the security operations, ensuring events and incidents are responded to effectively and opportunities for improvement are identified and actioned.
  • Manage and prioritise cyber threat intelligence and work with IT teams and system owners to mitigate emerging vulnerabilities.
  • Ensure the relevant training and communications teams to promote a Cyber Aware culture within the business based on current Threat Intelligence.
  • Monitor and advise on the cyber controls of third-party suppliers.
• Maintain and develop cyber governance by:
  • Understanding contractual and regulatory cyber compliance requirements and designing the appropriate controls.
  • Performing risk assessments for new systems, processes, projects, integration and updating risk register to manage identified remediation plans.
• Other responsibilities include:
  • Working with business and IT stakeholders to define metrics and reporting strategies that effectively communicate successes and progress of the security programme.
  • Consulting with IT and system owners to ensure that their cyber security requirements are factored into the evaluation, selection, installation and configuration of hardware, applications and software. Identifying areas for potential improvement.
  • Monitoring and reporting on compliance with security policies, as well as the enforcement of policies within the IT department.
  • Supporting responses to customer bids, RFQ's and subsequent clarifications.
  • Managing the configuration for key security tools such as EDR, ID Protection, Cloud Apps, DNS Security and Email.

Would you like to see more detail on the accountabilities of the role? Please see the attached job description for further information

Safety, Security, WellBeing and Compliance:

You will have a responsibility and duty whilst at work to take reasonable care of the health, safety and wellbeing of yourself and others in accordance with provided information, training, and workplace health and safety rules or procedures. The company is committed to providing a safe working environment for all staff members. In all areas of our business there is a potential risk to the health, safety and welfare to everyone on our sites through the misuse of alcohol and drugs. As such the Company prohibits such misuse and carries out regular testing to enforce our Substance Misuse Policy.

Please see the attached job description for further details on safety, security, wellbeing & compliance.

What we are looking for

• Ability to manage and support a security operations team.
• Ability to manage the performance of third-party service delivery partners.
• Ability to communicate effectively to a range of audiences.
• Undergraduate Degree in an IT or cyber security discipline, or equivalent experience and relevant qualifications.
• Knowledge of common information security management frameworks, such as International Standards Organization (ISO) 27001, the IT Infrastructure Library (ITIL) or the National Institute of Standards and Technology Cybersecurity Framework.
• Understanding of networks, systems, applications and Cloud technologies.
• Familiarity with the principles of cryptography.
• Knowledge of security testing.
• Experience of working and learning within a fast-moving, changeable environment with new technology/services/infrastructure/priorities and working practices (processes).
• Excellent organisational, planning and administrative skills and a good eye for detail.
• Highly analytical with the ability to influence, challenge and implement change.
• Experience of dealing with work of a confidential and sensitive nature.

Diversity

MenziesAviation are a committed equal opportunity employer and encourage applications for suitably qualified and eligible applicants regardless of sex, race, disability, age, sexual orientation, gender reassignment, religion or belief, marital status, pregnancy, and maternity. We strive to create an inclusive working environment, where the different knowledge, perspectives, experiences, and approaches of our global workforce are represented. Where everyone feels valued and can reach their full potential.

Please be aware that as part of our recruitment process, we may look to use a variety of resourcing tools to help us understand your skills and experience in relation to the role. Please feel free to contact to recruiter below, if there are any reasonable adjustments to our process that you would like us to consider.

As part of our recruitment process, we will always consider how candidates fit with our values which you can learn more about here.

Application Instructions

Is this role ticking all the boxes for you? If so, please click apply now!