Information Security Consultant
Support Office, Manchester

Job reference: SNW-SOM-06076

Location: Support Office, Manchester

Salary: Competitive + benefits

Department: Support Office

Background

Protecting ODEON’s information assets is a key priority for our business and is part of our strategy.  You’ll join a team with responsibility to improve information security maturity and controls across people, process and technology.  With support and oversight at the highest levels at ODEON and our parent company AMC, this role is an opportunity to influence and deliver meaningful change that manages a number of our key risks.  You’ll be working closely with key stakeholders in our operating regions our support service and other Group teams.  You’ll need all round skills and capabilities in all areas of Information security including implementing & running security services, improving policies, standards & processes, supporting training & awareness and provide oversight & assurance of 3rd parties, projects and business change.  There’s lots to do, no one day will be the same and there is fun to be had!

The Role

  • Support the development & execution of OCG’s information security strategy & roadmap
  • Support tasks to maintain an Information Security Architecture for the group
  • Implement & deliver information security initiatives, directly & in cooperation with other IT & business teams & third parties, as part of the roadmap
  • Design & manage required security monitoring/logging systems & resources to provide relevant information on security incidents & potential risks
  • Monitor and report on key metrics to facilitate security governance & the assessment of the overall security risk position across the group
  • Work with infrastructure & service teams to maintain regular patching / upgrade schedules & processes across relevant systems in the group
  • Support the development and adoption of information security policies & standards
  • Help raise awareness about Security standards across the group and educate colleagues
  • Support regular security tests & other security related compliance across the group
  • Support initiatives around change management & compliance with PCIDSS, GDPR, SOx & any other key control requirements
  • Perform security operations activities within the remit of systems & controls owned by the Information Security function.
  • Manage security incidents & provide responses to detect, analyse, contain, eradicate and recover, integrating with wider group crisis management where required
  • Support the implementation of disaster recovery schedules & processes across all business critical IT services linked to Business Continuity requirements
  • Work within a virtual team across OCG territories
  • Act as a security subject matter expert as required
  • Actively maintain knowledge of the threat landscape, technology solutions & industry standards, leveraging external network & key advisors
  • Present ideas, MI & reports to technical & business teams, Senior Leadership & relevant partners

What does it take? (required)

  • At least 3 years working in an IT Security or Information Security function
  • Hands on expertise of implementing & managing a number of technical security measures such as
    • Network Security - WAN/LAN, Firewall, Intrusion Detection/Protection, Denial of Service, Proxy, Content Filtering
    • Web Security - Web Application Firewall, Web Security Risks & Controls such as Cross Site Scripting, SQL Injection, DDOS & Brute Force
    • Component Security - Active Directory, System Hardening, Endpoint Protection, Asset Management, Email Security, Patching, Vulnerability Management
    • Monitoring & Detection- Security Event & Incident Monitoring & Management, Log Retention & Audit, Threat Detection & Response
    • Access Control - Role based Access Control, Identity Access Management, Privileged Access Management, Common Authentication/Single Sign On, Multi-Factor Authentication, Password Security
    • Data & Cryptography - Public Key Infrastructure, File Integrity Monitoring, Device Encryption, Data Encryption, USB Control, Data Leakage Controls
  • Worked extensively with Microsoft products & services
  • Analytical & problem solver / solution provider
  • Able to work independently & as part of a team
  • Able to communicate up, down, & across all levels of the technical backgrounds & wider organisation
  • Relevant certifications (e.g. CompTIA Security+, CISSP: Certified Information Systems Security Professional.  GSEC: GIAC Security Essentials. CEH: Certified Ethical Hacker)
  • Can travel within UK, & Europe

What else are we looking for? (preferable)

  • Working knowledge of securing the cloud (SaaS, PaaS & IaaS), specifically Azure and AWS and Web Application Firewalls such as Imperva & Cloudflare
  • Understanding and use of Information Security risk management frameworks
  • Worked within regulated environments (e.g. GDPR, SOx)
  • Microsoft, Cisco & other relevant product certifications
  • Worked in Retail or Entertainment industries
  • Degree or relevant professional security qualifications
  • Expertise in implementing & running a number of technical security measures such as

Living Our Values

  • Fun-Passion: Provides ‘hands-on’ leadership, inspiration & promote a sense of urgency in setting vision & goals
  • Quality-Service: Ensures that all interactions (advisory & service provision) within the group are of a high standard & recognised
  • Trust-Respect: Listen & act upon feedback from all key stakeholders. Develop & maintain trust with colleagues & senior executives. Respect others’ points of view & empower teams to trial new ideas, make the right decisions & deliver strategy
  • Co-operation-Accountability: Positively challenge managers & executives to make sure we’re delivering on our strategy & achieving the right business outcomes
  • Strategic Leadership: Translates my understanding of our business & stakeholders to create compelling & sustainable business propositions
  • Inspirational Leadership: I put structures in place to facilitate business-wide collaboration & knowledge sharing
  • Change Leadership: Ability to think through all aspects of a change necessary to improve the group’s security position, plan, deliver & communicate throughout

 

Back