Company: Wood
Skills: Security
Education: High School/Secondary
Location: Aberdeen, Scotland, United Kingdom

Overview / Responsibilities

Wood is currently recruiting a Business Information Security Manager who will be accountable to the Business Information Security Officer for the implementation and operational management of Information Security Operations and associated controls across Wood. This individual will manage and maintain the organization's cyber security systems and infrastructure and protects the organization's IT systems and computer networks against cyber attacks, intrusions, malware and various types of data breaches. This role can be based anywhere in the UK, as we work on a hybrid/remote working basis.

Key Accountabilities and Responsibilities:

Information Security Operations

  • Responsible for managing global Information Security Operations through an outsourced IT delivery model
  • Define business impact of security incidents and identify and drive recommendations for change to prevent similar incidents
  • As subject matter expert on the team/function and beyond, maintain understanding of current technology, database management, programming practices, and future trends through ongoing education, conference attendance and industry press
  • Responsible for the day to day running of security including ensuring relevant SLAs for Information Security are met or exceeded
  • Provide regular and timely reporting on the Information Security status globally
  • Provide escalation path for Information Security issues, incidents, and enquiries
  • Continuously improve the Incident Response process including the handling of all Information Security incidents in combination with the outsourced delivery partner
  • Collect and act upon diverse threat intelligence to enhance Wood's Information Security protection
  • Champion Information Security throughout the business and serve as a focal point for business enquiries
  • Develop a solid Information Security foundation based on a continuous improvement cycle with equal weighting placed on People, Process, and Technology
  • Responsible for information security operations delivery and baseline compliance of infrastructure (including monitoring, reporting and assurance) through IT service partner. This includes security controls of servers, desktops, laptops, networks, wireless, security appliances, and email. Regular service compliance reporting will be monitored with agreed KPI's and KRI's
  • Optimise technical controls to ensure efficient protection of Wood Information assets and infrastructure
  • Accountable for assisting in law enforcement relationships for threat intelligence including that of the United States Department of Homeland Security, Police Scotland, US FBI (Infragard), UK Cyber Emergency response team (UK-CERT) and UK CPNI (Centre for Protection of National Infrastructure)
  • Proactive identification and remediation of vulnerabilities across all IT platforms

Business Information Security Management
  • Provide support to key business initiatives by developing and disseminating threat-related intelligence and guidance on security and resiliency policies and standards
  • Act as the trusted advisor to the Business, providing required clarifications and support with pre and post sales activities (e.g. explain Wood Information Security program, support external audits, client request response)
  • Develop and enhance Wood Information Security posture and maturity levels whilst ensuring they remain aligned with business objectives and goals
  • Assist with merger and acquisition due diligence, as needed, for Information Security risks and control alignment
  • Ensure Information Security is viewed as a business enabler

Cyber Security Manager Specific
  • Develop policies, procedures, and related guidelines for an important area of responsibility within a function, ensuring compliance with external requirements and integration with the broader functional policy framework
  • Ensure that business activities within the area of responsibility comply with relevant external regulatory and/or voluntary codes and with internal policies and procedures to minimize business risk and to protect the reputation of the organization

Skills / Qualifications

  • Good level of experience in a related role
  • Degree in related business or equivalent years' experience
  • Recognised Information Security qualification (e.g. CISSP, CISM, etc) or equivalent knowledge
  • Technical certification in relevant Information Security controls (e.g. CCNA Security, Palo Alto ACE, etc) or equivalent knowledge

Knowledge, skills and experience:
  • Strong familiarity with governance and controls frameworks, such as COBIT, COSO, ITIL, ISO, CEP and NIST
  • Broad knowledge of IT, Information Security, Cloud, and emerging trends
  • Detailed technical knowledge of Information Security operational controls
  • A sound understanding of security best practice and relevant international standards
  • Experience in Information Security Operations
  • Experience of dealings with third party regulators
  • Experience of working with risk management methodologies and frameworks

Company Overview

Wood is a global leader in engineering and consultancy across energy and the built environment, helping to unlock solutions to some of the world's most critical challenges. We provide consulting, projects and operations solutions in more than 60 countries, employing around 40,000 people.

Diversity Statement

We are an equal opportunity employer that recognises the value of a diverse workforce. All suitably qualified applicants will receive consideration for employment on the basis of objective criteria and without regard to the following (which is a non-exhaustive list): race, colour, age, religion, gender, national origin, disability, sexual orientation, gender identity, protected veteran status, or other characteristics in accordance with the relevant governing laws.

Wood is a global leader in consulting and engineering across energy and the built environment, helping to unlock solutions to some of the world’s most critical challenges. We provide consulting, projects and operations solutions in more than 60 countries, employing around 40,000 people. At Wood our common purpose is to ‘unlock solutions to the world’s most critical challenges.’ Through the delivery of our Consulting, Project and Operations solutions across energy and the built environment we deliver exceptional returns for our clients, our people, our investors and the communities where we live and work. Visit us at and follow us on Facebook and LinkedIn.