Company: Wood
Skills: Security
Education: High School/Secondary
Location: Aberdeen, Scotland, United Kingdom


Overview / Responsibilities

Wood is currently recruiting for a Business Information Security Manager who will be accountable to the Business Information Security Officer for the implementation and operational management of Information Security Operations and associated controls across Wood.

This individual will manage and maintain the organization's cyber security systems and infrastructure and protects the organization's IT systems and computer networks against cyber attacks, intrusions, malware and various types of data breaches.

Key Accountabilities and Responsibilities:

Information Security Operations

  • Responsible for managing global Information Security Operations through an outsourced IT delivery model
    • Define business impact of security incidents and identify and drive recommendations for change to prevent similar incidents
    • As subject matter expert on the team/function and beyond, maintain understanding of current technology, database management, programming practices, and future trends through ongoing education, conference attendance and industry press
    • Responsible for the day to day running of security including ensuring relevant SLAs for Information Security are met or exceeded
    • Provide regular and timely reporting on the Information Security status globally
    • Provide escalation path for Information Security issues, incidents, and enquiries
    • Continuously improve the Incident Response process including the handling of all Information Security incidents in combination with the outsourced delivery partner
    • Collect and act upon diverse threat intelligence to enhance Wood's Information Security protection
    • Champion Information Security throughout the business and serve as a focal point for business enquiries
    • Develop a solid Information Security foundation based on a continuous improvement cycle with equal weighting placed on People, Process, and Technology
    • Responsible for information security operations delivery and baseline compliance of infrastructure (including monitoring, reporting and assurance) through IT service partner. This includes security controls of servers, desktops, laptops, networks, wireless, security appliances, and email. Regular service compliance reporting will be monitored with agreed KPI's and KRI's
    • Optimise technical controls to ensure efficient protection of Wood Information assets and infrastructure
    • Accountable for assisting in law enforcement relationships for threat intelligence including that of the United States Department of Homeland Security, Police Scotland, US FBI (Infragard), UK Cyber Emergency response team (UK-CERT) and UK CPNI (Centre for Protection of National Infrastructure)
    • Proactive identification and remediation of vulnerabilities across all IT platforms


Business Information Security Management

  • Provide support to key business initiatives by developing and disseminating threat-related intelligence and guidance on security and resiliency policies and standards
  • Act as the trusted advisor to the Business, providing required clarifications and support with pre and post sales activities (e.g. explain Wood Information Security program, support external audits, client request response)
  • Develop and enhance Wood Information Security posture and maturity levels whilst ensuring they remain aligned with business objectives and goals
  • Assist with merger and acquisition due diligence, as needed, for Information Security risks and control alignment
  • Ensure Information Security is viewed as a business enabler


Cyber Security Manager Specific

  • Develop policies, procedures, and related guidelines for an important area of responsibility within a function, ensuring compliance with external requirements and integration with the broader functional policy framework
  • Ensure that business activities within the area of responsibility comply with relevant external regulatory and/or voluntary codes and with internal policies and procedures to minimize business risk and to protect the reputation of the organization


Skills / Qualifications

Qualifications:
  • Good level of experience in a related role
  • Degree in related business or equivalent years' experience
  • Recognised Information Security qualification (e.g. CISSP, CISM, etc) or equivalent knowledge
  • Technical certification in relevant Information Security controls (e.g. CCNA Security, Palo Alto ACE, etc) or equivalent knowledge


Knowledge, skills and experience:
  • Strong familiarity with governance and controls frameworks, such as COBIT, COSO, ITIL, ISO, CEP and NIST
  • Broad knowledge of IT, Information Security, Cloud, and emerging trends
  • Detailed technical knowledge of Information Security operational controls
  • A sound understanding of security best practice and relevant international standards
  • Experience in Information Security Operations
  • Experience of dealings with third party regulators
  • Experience of working with risk management methodologies and frameworks


Company Overview

Wood is a global leader in engineering and consultancy across energy and the built environment, helping to unlock solutions to some of the world's most critical challenges. We provide consulting, projects and operations solutions in more than 60 countries, employing around 45,000 people. www.woodplc.com

Diversity Statement

We are an equal opportunity employer that recognises the value of a diverse workforce. All suitably qualified applicants will receive consideration for employment on the basis of objective criteria and without regard to the following (which is a non-exhaustive list): race, colour, age, religion, gender, national origin, disability, sexual orientation, gender identity, protected veteran status, or other characteristics in accordance with the relevant governing laws.

Wood is a global leader in the delivery of project, engineering and technical services to energy and industrial markets. We operate in more than 60 countries, employing around 55,000 people, with revenues of over $11 billion. We provide performance-driven solutions throughout the asset life cycle, from concept to decommissioning across a broad range of industrial markets including upstream, midstream and downstream oil & gas, chemicals, environment and infrastructure, power & process, clean energy, mining, nuclear and general industrial sectors. We strive to be the best technical services company to work with, work for and invest in.

 

Visit us at www.woodplc.com and follow us on Facebook and LinkedIn