Agile Information Security Manager

London, Greater London
  1. Full Time
  2. Legal/Regulatory
Posting date:Mon 04, 2018
Agile Information Security Manager - London

About the role

Corporate Security is a highly effective telecommunications fraud and security department, comprising disparate specialist skills ranging from information security specialists to product security experts and from fully qualified crime investigators to network fraud analysts.
This role provides an excellent opportunity for an information security specialist with experience of working using agile development methodologies, to develop and manage processes to ensure that security and privacy requirements are considered and appropriate controls are delivered as part of agile delivery output.

Key Accountabilities:

  • Assess and manage threats to Vodafone UK information assets by establishing effective working relationships with information security and privacy specialists to enable the continued development and improvement of information security assurance across the business.
  • Engage with agile tribes, squads and sprints as a single point of contact (Corporate Security Reference Person) to provide input and guidance to ensure the appropriate security controls and privacy protections are implemented to protect Vodafone systems and sensitive and customer data.
  • Identify situations where agile tribes/squads require intensive specialist support from information security or privacy experts, and facilitate the appropriate level of engagement and participation in related sprints to ensure that the right expert guidance can be provided in a timely manner.
  • Provide support to Tribe leads and Squads to ensure that security and privacy support requirements are identified as early as possible in the planning process by participating in meetings with agile delivery teams as required.
  • Engage with agile development teams to ensure that security risks and issues are considered as part of the delivery of new Digital projects.
  • Improve the effectiveness of interactions between Squads and Corporate Security by providing a single point of contact for requests related to Corporate Security and Privacy topics.
  • Providing immediate feedback to the Squads on Corporate Security-related issues, while forwarding the requests to Information Security / Privacy Specialist, when necessary.
  • Ensuring alignment among Squads and Security/Privacy Specialists in terms of deliverables, priorities and timing, and ensure that any requirements for specialists to be co-located with agile delivery teams are identified and communicated in a timely manner.
  • Being aware of Squads' initiatives and backlog, overseeing Squads outputs, ensuring consistency and alignment with Corporate Security strategy and guidelines, as well as internal and external regulations
  • Generating awareness among Squads regarding basic Corporate Security & Privacy processes and common issues
  • Overseeing Squads outputs in order to spot issues or inconsistencies related to Corporate Security strategy, guidelines or capacity to support resourcing requests.
  • Participate in Quarterly Business Review (QBR) meetings to identify potential strategic interventions of Corporate Security teams in the upcoming quarter, while making sure that no issue has been forgotten or ignored in the previous quarter
Must have technical / professional qualifications: 

Practical experience of working using agile methodologies and managing the impact on security/privacy requirements
Strong experience of developing and implementing policy and controls aligned with information security standards such as ISO 27001
Ability to communicate clearly and effectively (both written and verbally) and at a level appropriate to the intended audience (including board level)
A clear view of how to apply security within the business to promote an excellent customer experience and drive revenue with a proven record or delivery
  • Experience or knowledge of the following is desirable: 
  • Access Control  
  • Identity Management
  • Web application security
  • Database security
  • IT system vulnerability testing
  • Data classification and handling techniques
  • Cryptographic techniques, including key management 
  • Knowledge of the Payment Card Industry data security standards (PCI-DSS) desirable

Life at Vodafone

Helping women advance in their careers – women at Vodafone share their stories

Meet Karin, Head of IoT Commercial