IT Resilience / GRC Manager Responsible for developing, implementing, and maintaining processes and documentation to ensure the robustness, stability, and compliance of technology services and systems. To coordinate across technology, business, and risk functions to enhance operational resilience, manage regulatory compliance, oversee audit activity and drive risk management. Technology Resilience: Accountable for co-ordinating the development and maintenance of technology mapping processes to ensure a full understanding is in place for all technologies and technology services in context of their resiliency (response and recovery) position to support the identified Important Customer Business Services and therefore comply both with stated business risk appetite and underpin the 2nd line run compliance with UK Operational Resilience requirements. Work closely with all teams across the company to identify and mitigate potential risks to technology infrastructure and systems. This spans systems and services directly manage d by the IT department as well as systems that are managed by different business areas. Implement processes to identify areas for improvement and support the implementation of appropriate solutions. Audit and Compliance: Accountable for managing and overseeing all IT department audits both internal and external to the company, ensuring a clear, collaborative and open environment that will provide relevant assessments to identify areas of non-compliance and where improvements can be made. Tracking actions and outcomes to conclusion and preparing reports to senior management. Risk Management: Responsible for managing the risks across the IT department that align to Hastings risk management. Conducting regular risk assessments across the IT department to identify, evaluate and mitigate potential risks to the department and company. Providing training to colleagues across the IT department to ensure they understand risk management and controls and ensure all controls are effective and reportable. Collaboration and Ways of Working: Collaboration is essential to ensure the success of the function, fostering good relationships and identifying and providing training and support where required. Mentorship: Act as a mentor to direct reports and teams, assisting in the performance of duties upon request, ensuring constant improvement of skills, building a pipeline of capable resources. Ownership and Curiosity: Establish and maintain a strong sense of ownership for the delivery of timely, high-quality outcomes to our customers, colleagues and company. Foster curiosity, healthy challenge and proactive contribution with the necessary mentoring and support. Enterprise Leadership Responsibilities Strategic Vision & Alignment: Champion the organization s long-term vision by aligning departmental goals with enterprise-wide objectives, ensuring cohesive execution across business units. Cross-Functional Collaboration: Foster strong partnerships across departments, promoting a culture of collaboration, shared accountability, and integrated problem-solving. Change Leadership: Support enterprise-level change initiatives, driving transformation through effective communication, stakeholder engagement, and change management strategies. Innovation & Growth Advocacy: Identify and promote opportunities for innovation, scalability, and sustainable growth across the organization. Executive Influence & Communication: Serve as a trusted advisor to senior leadership, providing actionable insights and recommendations that shape enterprise strategy and decision-making. Culture & Talent Development: Model and cultivate a high-performance culture, mentoring emerging leaders and supporting enterprise-wide talent development initiatives. Risk & Governance Oversight: Contribute to enterprise risk management and governance frameworks, ensuring compliance, resilience, and ethical leadership through pragmatic delivery Skills, qualifications, experience Proven experience with a strong track record in delivering multiple projects successfully across operational areas, IT and processes Extensive knowledge of audit practices and principles, with experience in conducting audits and managing compliance. Solid understanding of risk management processes and strategies, incident response and technology infrastructure management. Deep knowledge and practical execution of Operational and Risk and Resiliency Management principles and practices Exceptional leadership and team management skills. Strong analytical and problem-solving abilities. Excellent communication and interpersonal skills. Ability to work under pressure and manage multiple priorities. Personal Attributes Detail and quality oriented, with a customer focus, with an exceptionally keen eye for detail and highly organised. A team-builder and team player, who can work comfortably in a highly collaborative setting. Works comfortably with senior business leadership, has a positive can-do attitude, open and welcoming to change. Able to manage multiple priorities and meet deadlines, demonstrating an ability to remain calm under stress and in times of uncertainty. Have exceptional leadership skills, being able to influence cross-functional departmental leaders in a particular direction.
11/02/2026
Full time
IT Resilience / GRC Manager Responsible for developing, implementing, and maintaining processes and documentation to ensure the robustness, stability, and compliance of technology services and systems. To coordinate across technology, business, and risk functions to enhance operational resilience, manage regulatory compliance, oversee audit activity and drive risk management. Technology Resilience: Accountable for co-ordinating the development and maintenance of technology mapping processes to ensure a full understanding is in place for all technologies and technology services in context of their resiliency (response and recovery) position to support the identified Important Customer Business Services and therefore comply both with stated business risk appetite and underpin the 2nd line run compliance with UK Operational Resilience requirements. Work closely with all teams across the company to identify and mitigate potential risks to technology infrastructure and systems. This spans systems and services directly manage d by the IT department as well as systems that are managed by different business areas. Implement processes to identify areas for improvement and support the implementation of appropriate solutions. Audit and Compliance: Accountable for managing and overseeing all IT department audits both internal and external to the company, ensuring a clear, collaborative and open environment that will provide relevant assessments to identify areas of non-compliance and where improvements can be made. Tracking actions and outcomes to conclusion and preparing reports to senior management. Risk Management: Responsible for managing the risks across the IT department that align to Hastings risk management. Conducting regular risk assessments across the IT department to identify, evaluate and mitigate potential risks to the department and company. Providing training to colleagues across the IT department to ensure they understand risk management and controls and ensure all controls are effective and reportable. Collaboration and Ways of Working: Collaboration is essential to ensure the success of the function, fostering good relationships and identifying and providing training and support where required. Mentorship: Act as a mentor to direct reports and teams, assisting in the performance of duties upon request, ensuring constant improvement of skills, building a pipeline of capable resources. Ownership and Curiosity: Establish and maintain a strong sense of ownership for the delivery of timely, high-quality outcomes to our customers, colleagues and company. Foster curiosity, healthy challenge and proactive contribution with the necessary mentoring and support. Enterprise Leadership Responsibilities Strategic Vision & Alignment: Champion the organization s long-term vision by aligning departmental goals with enterprise-wide objectives, ensuring cohesive execution across business units. Cross-Functional Collaboration: Foster strong partnerships across departments, promoting a culture of collaboration, shared accountability, and integrated problem-solving. Change Leadership: Support enterprise-level change initiatives, driving transformation through effective communication, stakeholder engagement, and change management strategies. Innovation & Growth Advocacy: Identify and promote opportunities for innovation, scalability, and sustainable growth across the organization. Executive Influence & Communication: Serve as a trusted advisor to senior leadership, providing actionable insights and recommendations that shape enterprise strategy and decision-making. Culture & Talent Development: Model and cultivate a high-performance culture, mentoring emerging leaders and supporting enterprise-wide talent development initiatives. Risk & Governance Oversight: Contribute to enterprise risk management and governance frameworks, ensuring compliance, resilience, and ethical leadership through pragmatic delivery Skills, qualifications, experience Proven experience with a strong track record in delivering multiple projects successfully across operational areas, IT and processes Extensive knowledge of audit practices and principles, with experience in conducting audits and managing compliance. Solid understanding of risk management processes and strategies, incident response and technology infrastructure management. Deep knowledge and practical execution of Operational and Risk and Resiliency Management principles and practices Exceptional leadership and team management skills. Strong analytical and problem-solving abilities. Excellent communication and interpersonal skills. Ability to work under pressure and manage multiple priorities. Personal Attributes Detail and quality oriented, with a customer focus, with an exceptionally keen eye for detail and highly organised. A team-builder and team player, who can work comfortably in a highly collaborative setting. Works comfortably with senior business leadership, has a positive can-do attitude, open and welcoming to change. Able to manage multiple priorities and meet deadlines, demonstrating an ability to remain calm under stress and in times of uncertainty. Have exceptional leadership skills, being able to influence cross-functional departmental leaders in a particular direction.
An amazing opportunity has arisen due to the Ramp up of MBDA deliveries for a Supply Chain Manager/ Supplier Development manager to join ISP in the Sub-Assemblies team. Salary: Circa £50,000 depending on experience Location: Stevenage (We may be able to offer a relocation package for this role) Dynamic (hybrid) working: 2 days per week on-site due to workload classification Security Clearance: British Citizen or a Dual UK national with British citizenship. Restrictions and/or limitations relating to nationality and/or rights to work may apply. As a minimum and after offer stage, all successful candidates will need to undergo HMG Basic Personnel Security Standard checks (BPSS), which are managed by the MBDA Personnel Security Team. What we can offer you: Company bonus: Up to £2,500 (based on company performance and will vary year to year) Pension: maximum total (employer and employee) contribution of up to 14% Overtime: opportunity for paid overtime Flexi Leave: Up to 15 additional days Enhanced parental leave: offers up to 26 weeks for maternity, adoption and shared parental leave. Enhancements are available for paternity leave, neonatal leave and fertility testing and treatments. Facilities: Fantastic site facilities including subsidised meals, free car parking and much more Training and Development: Excellent career progression, training and career development opportunities The opportunity: An opportunity has arisen due to the Ramp up of MBDA deliveries for a Supply Chain Manager/ Supplier Development manager to join ISP in the Sub-Assemblies team. The successful candidate will bring their experience and knowledge to ensure effective Supplier performance, capability & Risk management. As a team, we work across all programmes in MBDA UK in a changing environment, managing and implementing both mature and new technologies. What we're looking for from you: Ideally a degree calibre Supply Chain professional with experience of international working in high technology companies. Experience of supply chain management/ Supplier Development Manager in the Aerospace, Defence or Manufacturing environments with high exposure to machining including capacity and capabilities in the machining and aerospace surface treatments environment. A proven ability to: Demonstrate ability to improve Supplier Performance (Delivery and Quality)using appropriate tools and lean methodologies Capable of carrying out capacity audits which will identify key bottlenecks, yield, resources and sub-tier mapping activities to form an industrial view of supplier Managing a portfolio of suppliers on a day to day basis and reporting into designated project the performance and manage supply chain risks to closure Assess supply chain and suppliers capability to meet MBDA delivery profile for both current state vs Future state Competent in creating/ validating process flows and lead time analysis Hold excellent problem solving skills and understanding of techniques such as DMAIC (Define, Measure, Analyse, Improve, Control) to develop and implement root cause analysis and improvement plans within Supply Chain Identify, Escalate and mitigate potential Supply Chain Risks and put in place associated improvement and mitigation plans Conducting analysis and providing/delivering executive summaries Additionally you may be responsible/ assist in department supply chain excellence improvements Interested? Click Apply Now! Our company: Peace is not a given, Freedom is not a given, Sovereignty is not a given MBDA is a leading defence organisation. We are proud of the role we play in supporting the Armed Forces who protect our nations. We partner with governments to work together towards a common goal, defending our freedom. We are proud of our employee-led networks, examples include: Gender Equality, Pride, Menopause Matters, Parents and Carers, Armed Forces, Ethnic Diversity, Neurodiversity, Disability and more We recognise that everyone is unique, and we encourage you to speak to us should you require any advice, support or adjustments throughout our recruitment process. Follow us on LinkedIn (MBDA), X Instagram (MBDA_UK) and Glassdoor or visit our MBDA Careers website for more information.
04/02/2026
Full time
An amazing opportunity has arisen due to the Ramp up of MBDA deliveries for a Supply Chain Manager/ Supplier Development manager to join ISP in the Sub-Assemblies team. Salary: Circa £50,000 depending on experience Location: Stevenage (We may be able to offer a relocation package for this role) Dynamic (hybrid) working: 2 days per week on-site due to workload classification Security Clearance: British Citizen or a Dual UK national with British citizenship. Restrictions and/or limitations relating to nationality and/or rights to work may apply. As a minimum and after offer stage, all successful candidates will need to undergo HMG Basic Personnel Security Standard checks (BPSS), which are managed by the MBDA Personnel Security Team. What we can offer you: Company bonus: Up to £2,500 (based on company performance and will vary year to year) Pension: maximum total (employer and employee) contribution of up to 14% Overtime: opportunity for paid overtime Flexi Leave: Up to 15 additional days Enhanced parental leave: offers up to 26 weeks for maternity, adoption and shared parental leave. Enhancements are available for paternity leave, neonatal leave and fertility testing and treatments. Facilities: Fantastic site facilities including subsidised meals, free car parking and much more Training and Development: Excellent career progression, training and career development opportunities The opportunity: An opportunity has arisen due to the Ramp up of MBDA deliveries for a Supply Chain Manager/ Supplier Development manager to join ISP in the Sub-Assemblies team. The successful candidate will bring their experience and knowledge to ensure effective Supplier performance, capability & Risk management. As a team, we work across all programmes in MBDA UK in a changing environment, managing and implementing both mature and new technologies. What we're looking for from you: Ideally a degree calibre Supply Chain professional with experience of international working in high technology companies. Experience of supply chain management/ Supplier Development Manager in the Aerospace, Defence or Manufacturing environments with high exposure to machining including capacity and capabilities in the machining and aerospace surface treatments environment. A proven ability to: Demonstrate ability to improve Supplier Performance (Delivery and Quality)using appropriate tools and lean methodologies Capable of carrying out capacity audits which will identify key bottlenecks, yield, resources and sub-tier mapping activities to form an industrial view of supplier Managing a portfolio of suppliers on a day to day basis and reporting into designated project the performance and manage supply chain risks to closure Assess supply chain and suppliers capability to meet MBDA delivery profile for both current state vs Future state Competent in creating/ validating process flows and lead time analysis Hold excellent problem solving skills and understanding of techniques such as DMAIC (Define, Measure, Analyse, Improve, Control) to develop and implement root cause analysis and improvement plans within Supply Chain Identify, Escalate and mitigate potential Supply Chain Risks and put in place associated improvement and mitigation plans Conducting analysis and providing/delivering executive summaries Additionally you may be responsible/ assist in department supply chain excellence improvements Interested? Click Apply Now! Our company: Peace is not a given, Freedom is not a given, Sovereignty is not a given MBDA is a leading defence organisation. We are proud of the role we play in supporting the Armed Forces who protect our nations. We partner with governments to work together towards a common goal, defending our freedom. We are proud of our employee-led networks, examples include: Gender Equality, Pride, Menopause Matters, Parents and Carers, Armed Forces, Ethnic Diversity, Neurodiversity, Disability and more We recognise that everyone is unique, and we encourage you to speak to us should you require any advice, support or adjustments throughout our recruitment process. Follow us on LinkedIn (MBDA), X Instagram (MBDA_UK) and Glassdoor or visit our MBDA Careers website for more information.
A well-respected global business is looking for 2 mid/senior-level Implementation Consultants to join their growing pensions department on a fully remote basis. This is an exciting new role in a business that has many opportunities for growth and development. The role will be a blend with the majority of the time being hands-off, but still having some hands-on elements at times. Responsibilities: Support and develop junior team members, and manage junior resources for specific tasks Owns and is responsible for performing ad-hoc or unusual implementation data processes, as well as leading client implementation projects Act as a centre of technical and process expertise accessible to other team members, checking other members of the teams work Gather and interpret client requirements and processes, translate these into online solutions Manage system configuration activities and quality Facilitate internal and external system training, and provide appropriate documentation Mentor and coach the implementation Analysts and support Implementation Managers where necessary Meet with clients during the implementation cycle to understand requirements, data, processes and systems, and make recommendations on how to implement products and services Undertake system demonstrations to existing clients Review existing business processes and establish new operating procedures where required Conduct system configuration quality control activities Support the technical development of our technology platforms through participation in analysis and design, and specification production for new and/or enhanced developments Undertake system configuration and data analysis Undertake regular reviews of junior members of the team Experience: Can demonstrate experience of writing and executing VBA code Understand the use of tables and queries, including relationships, join types and lookups Demonstrate advanced knowledge of SQL programming language or an equivalent relational database language Prior exposure to Progress/OpenEdge ABL Previous experience in data or employee benefit system migrations and pensions is essential Be able to describe different data analysis techniques Experience of data migration methodologies; data mapping, data mining and data quality analysis Can demonstrate the ability to perform end-to-end data audits Can demonstrate a good overall understanding of Payroll processing Benefits: Excellent annual leave allowance, starting at 23 days (rising to 27) with the opportunity to buy extra leave Competitive company matched pension, life assurance, 15 weeks fully paid maternity, adoption and shared parental leave and full paternity pay for two weeks Opportunity to take a paid day to volunteer for one of their charity partners or a cause of your choosing
21/09/2022
Full time
A well-respected global business is looking for 2 mid/senior-level Implementation Consultants to join their growing pensions department on a fully remote basis. This is an exciting new role in a business that has many opportunities for growth and development. The role will be a blend with the majority of the time being hands-off, but still having some hands-on elements at times. Responsibilities: Support and develop junior team members, and manage junior resources for specific tasks Owns and is responsible for performing ad-hoc or unusual implementation data processes, as well as leading client implementation projects Act as a centre of technical and process expertise accessible to other team members, checking other members of the teams work Gather and interpret client requirements and processes, translate these into online solutions Manage system configuration activities and quality Facilitate internal and external system training, and provide appropriate documentation Mentor and coach the implementation Analysts and support Implementation Managers where necessary Meet with clients during the implementation cycle to understand requirements, data, processes and systems, and make recommendations on how to implement products and services Undertake system demonstrations to existing clients Review existing business processes and establish new operating procedures where required Conduct system configuration quality control activities Support the technical development of our technology platforms through participation in analysis and design, and specification production for new and/or enhanced developments Undertake system configuration and data analysis Undertake regular reviews of junior members of the team Experience: Can demonstrate experience of writing and executing VBA code Understand the use of tables and queries, including relationships, join types and lookups Demonstrate advanced knowledge of SQL programming language or an equivalent relational database language Prior exposure to Progress/OpenEdge ABL Previous experience in data or employee benefit system migrations and pensions is essential Be able to describe different data analysis techniques Experience of data migration methodologies; data mapping, data mining and data quality analysis Can demonstrate the ability to perform end-to-end data audits Can demonstrate a good overall understanding of Payroll processing Benefits: Excellent annual leave allowance, starting at 23 days (rising to 27) with the opportunity to buy extra leave Competitive company matched pension, life assurance, 15 weeks fully paid maternity, adoption and shared parental leave and full paternity pay for two weeks Opportunity to take a paid day to volunteer for one of their charity partners or a cause of your choosing
At Jacobs, we'll inspire and empower you to deliver your best work so you can evolve, grow and succeed - today and into tomorrow. With more than 55,000 people in 40 countries, working at Jacobs offers an exciting range of opportunities to develop your career within a supportive and diverse team who always strive to do the right thing for our people, clients and communities. People are Jacobs' greatest asset, and we offer a competitive package to retain and attract the best talent. In addition to the benefits you'd expect, UK employees also receive free single medical cover and digital GP service, family friendly benefits such as enhanced parental leave pay, free membership of employee assistance and parental programmes, plus reimbursement towards relevant professional development and memberships. We also give back to our communities through our Collectively program which incorporates matched-funding, paid volunteering time and charitable donations. Job Purpose / Overview The SZC Chief Information Security Officer (CISO) is responsible for establishing the right security and governance practices and enabling a framework for risk-free and scalable business operations in the Nuclear New Build (NNB) SZC construction and nuclear security business landscape. This is a leadership position and is focused on understanding the security challenges in the current and future state of business operations, mapping learning from NNB Hinkley Point C (HPC) Project and the Technical Services Organisation (TSO) and preparing the SZC Project organisation with the right tools, skills, resources, relationships and capabilities against growing cyber and information security risks. Contextual Information Operating Environment SZC project will be the largest infrastructure project in Europe following HPC. It relies on both Information Technology (IT) and Operational Technology (OT) systems and the information processed by them for safety, security and business continuity. Loss or compromise of Sensitive Nuclear Information (SNI), information subject to Export Control, sensitive commercial information (SCI) or personal information through Computer Network Exploitation (CNE), or compromise of either IT or OT systems through Computer Network Attack present serious and enduring risks to the Project, Delivery partners and Supply Chain. Understanding and mitigating Cyber Security and Information Assurance (CS&IA) risks in the context of a constantly evolving threat landscape is thus fundamental to the success of Construction, design, manufacture and commissioning in addition to business operations, which collectively support the delivery of NNB (SZC) Project. SZC is an 'nth' of a kind replication of HPC Project and the role must support intelligent replication of the security case from HPC, achieved by utilising suitably qualified and experienced personnel (SQEP) resource within the TSO. Framework & Boundaries Maintains key relationships and works closely with the Technical Services Organisation to drive SZC Project Information Security Assurance and provide direction to cyber and information security Delivery Maintains key relationships with SZC IT delivery - IT & IM Digital Services and SZC Digital Systems and Solutions (Civils Works Programme) SZC nuclear baseline role holder Travel to TSO (Barnwood, Gloucester), SZC Project Site Offices (Suffolk) and SZC Project Offices (London) is expected as part of the role. Principal Accountabilities End to End Security Operations - Develop and design a comprehensive Cyber Security and Information Assurance Strategy and Information Security Management System (ISMS) Engage with overall organisational data strategy and advise on the best data management approach, aligning data privacy with business objectives ensuring information security safeguards are effective. Evaluate the Information Technology Threat landscape, devise policies and controls to reduce risk and lead auditing and compliance initiatives. Act as the Intelligent Customer (IC) for End 2 End cyber and information security requirements within all Project contracts Work with the SZC Security Manager to ensure SZC Project overall security arrangements meet the required legislation, standards etc. Manage interface with TSO to develop the Operational Technology (OT) Security Plan, establish policy and define IT requirements including Instrumentation and Control (I&C) as part of the wider CS&IA strategy Manage interface with TSO to procure services of Contract Security Officers to conduct supply chain assurance. Compliance - ensure that security arrangements meet legal obligations; including GDPR, Export Control and Nuclear Industries Security Regulations (NISR) 2003. Human Resources - ensure the appropriate verification checks, security education and training programs and policies for identity and access management are in place. Disaster Recovery and Business Continuity - Ensure compliance with ISO 27001 and develop a robust crisis communication channel, disaster recovery and risk management system in line with ONR (CNSS) Security Functional Security Principles (FSyP) 1, 2, 3, 5 and 7. Documentation - Contribute to a variety of security policy domains associated with compliance, Governance, risk management, incident management and HR management IT and Cyber Security Requirements - Evaluate business opportunities, regulatory requirements and business risks associated with SZC cloud network and all Information Security Projects, defining the optimal trade-off, reporting directly to the board and specifying cyber security, information security and data management requirements internally and through supply chain. Responsible for ensuring that Supply Chain Cyber Security puts in place appropriate Cyber Security and Information Security risk management and assurance that meet the required standards. Manage and hold the interfaces with ONR Civil Nuclear Safeguard and Security (CNSS) for Information Security. Establish priority for the Construction site based Cyber Security and Information Assurance Lead (CS&IA) in risk assessment and assurance of SZC/Delivery Partner and Contractor Information and Operational Technology systems (ICS/SCADA/IoT) on the NNB Gen Co (SZC) Construction site. Support both CS&IA and (CIO) IT & IM Digital Services Cyber Security Leads with specialist Forensic investigation as a result of incident response. Dimensions Reports to Director Safety, Security and Assurance (later this reporting line will switch to the SZC Head of Security) Dotted line reporting to TSO CISO Needs to form a strong relationship with TSO CISO lead spending time at Barnwood (Gloucester) and 90 Whitfield Street (London) to understand Project needs. Leads dotted line report; to the Cyber Security and Information Assurance Lead (Construction Site) and the IT & IM Digital Services Cyber Security Lead (SZC Common Data Environment) - works within .Knowledge, Skills, Qualifications & Experience Essential Knowledge of Civil Nuclear Cyber Security Strategy. Established cyber security credentials. Good working knowledge of applicable international standards and information security frameworks (ISO27001, ISO27017, GDPR, Cyber Essentials Plus). Aware of risk assessment methodologies including ISO27005 and NIST. Educated to degree level (or equivalent) or have a comparable level of practical experience Knowledge and experience of NIS Regulations and Cyber Assessment Framework (CAF). Knowledge of CPNI and NCSC material including assurance of supply chain activities. Knowledge of HMG Security Policy Framework. Confident in own abilities and be able to deliver in a dynamic environment. Proven people and team leadership skills Proven stakeholder management Excellent presentation and communication skills - both written and verbal. The post holder must currently hold or be able to achieve NSV SC. Desirable Experience working in the UK nuclear or regulated industry is highly desirable. Experience in a complex project environment including change control processes. A recognised security certification is desirable e.g. CISMP, Security , CEH. Experienced in specifying, designing and producing technical documentation to exacting standards. Excellent written English, including the preparation of suites of technical documents. Track record of providing innovative solutions within a technically complex environment - ideally within the nuclear sector Technical knowledge of physical, personnel and cyber security management systems and solutions. Experience of National Cyber Security Centre (NCSC) and Centre for the Protection of National Infrastructure (CPNI) methodologies, highly desirable. Experience working in a Project Organisation and/or with a Design Authority Our values stand on a foundation of safety, integrity, inclusion and diversity. We put people at the heart of our business and we truly believe that by supporting one another through our culture of caring, we all succeed. We value positive mental health and a sense of belonging for all employees. Find out more about life at Jacobs. We aim to embed inclusion and diversity in everything we do. We know that if we are inclusive, we're more connected, and if we are diverse, we're more creative. We accept people for who they are, regardless of age, disability, gender identity, gender expression, marital status, mental health, race, faith or belief, sexual orientation, socioeconomic background, and whether you're pregnant or on family leave. This is reflected in our wide range of Global Employee Networks centred on inclusion and diversity - ACE, Careers, Enlace..... click apply for full job details
01/02/2022
Full time
At Jacobs, we'll inspire and empower you to deliver your best work so you can evolve, grow and succeed - today and into tomorrow. With more than 55,000 people in 40 countries, working at Jacobs offers an exciting range of opportunities to develop your career within a supportive and diverse team who always strive to do the right thing for our people, clients and communities. People are Jacobs' greatest asset, and we offer a competitive package to retain and attract the best talent. In addition to the benefits you'd expect, UK employees also receive free single medical cover and digital GP service, family friendly benefits such as enhanced parental leave pay, free membership of employee assistance and parental programmes, plus reimbursement towards relevant professional development and memberships. We also give back to our communities through our Collectively program which incorporates matched-funding, paid volunteering time and charitable donations. Job Purpose / Overview The SZC Chief Information Security Officer (CISO) is responsible for establishing the right security and governance practices and enabling a framework for risk-free and scalable business operations in the Nuclear New Build (NNB) SZC construction and nuclear security business landscape. This is a leadership position and is focused on understanding the security challenges in the current and future state of business operations, mapping learning from NNB Hinkley Point C (HPC) Project and the Technical Services Organisation (TSO) and preparing the SZC Project organisation with the right tools, skills, resources, relationships and capabilities against growing cyber and information security risks. Contextual Information Operating Environment SZC project will be the largest infrastructure project in Europe following HPC. It relies on both Information Technology (IT) and Operational Technology (OT) systems and the information processed by them for safety, security and business continuity. Loss or compromise of Sensitive Nuclear Information (SNI), information subject to Export Control, sensitive commercial information (SCI) or personal information through Computer Network Exploitation (CNE), or compromise of either IT or OT systems through Computer Network Attack present serious and enduring risks to the Project, Delivery partners and Supply Chain. Understanding and mitigating Cyber Security and Information Assurance (CS&IA) risks in the context of a constantly evolving threat landscape is thus fundamental to the success of Construction, design, manufacture and commissioning in addition to business operations, which collectively support the delivery of NNB (SZC) Project. SZC is an 'nth' of a kind replication of HPC Project and the role must support intelligent replication of the security case from HPC, achieved by utilising suitably qualified and experienced personnel (SQEP) resource within the TSO. Framework & Boundaries Maintains key relationships and works closely with the Technical Services Organisation to drive SZC Project Information Security Assurance and provide direction to cyber and information security Delivery Maintains key relationships with SZC IT delivery - IT & IM Digital Services and SZC Digital Systems and Solutions (Civils Works Programme) SZC nuclear baseline role holder Travel to TSO (Barnwood, Gloucester), SZC Project Site Offices (Suffolk) and SZC Project Offices (London) is expected as part of the role. Principal Accountabilities End to End Security Operations - Develop and design a comprehensive Cyber Security and Information Assurance Strategy and Information Security Management System (ISMS) Engage with overall organisational data strategy and advise on the best data management approach, aligning data privacy with business objectives ensuring information security safeguards are effective. Evaluate the Information Technology Threat landscape, devise policies and controls to reduce risk and lead auditing and compliance initiatives. Act as the Intelligent Customer (IC) for End 2 End cyber and information security requirements within all Project contracts Work with the SZC Security Manager to ensure SZC Project overall security arrangements meet the required legislation, standards etc. Manage interface with TSO to develop the Operational Technology (OT) Security Plan, establish policy and define IT requirements including Instrumentation and Control (I&C) as part of the wider CS&IA strategy Manage interface with TSO to procure services of Contract Security Officers to conduct supply chain assurance. Compliance - ensure that security arrangements meet legal obligations; including GDPR, Export Control and Nuclear Industries Security Regulations (NISR) 2003. Human Resources - ensure the appropriate verification checks, security education and training programs and policies for identity and access management are in place. Disaster Recovery and Business Continuity - Ensure compliance with ISO 27001 and develop a robust crisis communication channel, disaster recovery and risk management system in line with ONR (CNSS) Security Functional Security Principles (FSyP) 1, 2, 3, 5 and 7. Documentation - Contribute to a variety of security policy domains associated with compliance, Governance, risk management, incident management and HR management IT and Cyber Security Requirements - Evaluate business opportunities, regulatory requirements and business risks associated with SZC cloud network and all Information Security Projects, defining the optimal trade-off, reporting directly to the board and specifying cyber security, information security and data management requirements internally and through supply chain. Responsible for ensuring that Supply Chain Cyber Security puts in place appropriate Cyber Security and Information Security risk management and assurance that meet the required standards. Manage and hold the interfaces with ONR Civil Nuclear Safeguard and Security (CNSS) for Information Security. Establish priority for the Construction site based Cyber Security and Information Assurance Lead (CS&IA) in risk assessment and assurance of SZC/Delivery Partner and Contractor Information and Operational Technology systems (ICS/SCADA/IoT) on the NNB Gen Co (SZC) Construction site. Support both CS&IA and (CIO) IT & IM Digital Services Cyber Security Leads with specialist Forensic investigation as a result of incident response. Dimensions Reports to Director Safety, Security and Assurance (later this reporting line will switch to the SZC Head of Security) Dotted line reporting to TSO CISO Needs to form a strong relationship with TSO CISO lead spending time at Barnwood (Gloucester) and 90 Whitfield Street (London) to understand Project needs. Leads dotted line report; to the Cyber Security and Information Assurance Lead (Construction Site) and the IT & IM Digital Services Cyber Security Lead (SZC Common Data Environment) - works within .Knowledge, Skills, Qualifications & Experience Essential Knowledge of Civil Nuclear Cyber Security Strategy. Established cyber security credentials. Good working knowledge of applicable international standards and information security frameworks (ISO27001, ISO27017, GDPR, Cyber Essentials Plus). Aware of risk assessment methodologies including ISO27005 and NIST. Educated to degree level (or equivalent) or have a comparable level of practical experience Knowledge and experience of NIS Regulations and Cyber Assessment Framework (CAF). Knowledge of CPNI and NCSC material including assurance of supply chain activities. Knowledge of HMG Security Policy Framework. Confident in own abilities and be able to deliver in a dynamic environment. Proven people and team leadership skills Proven stakeholder management Excellent presentation and communication skills - both written and verbal. The post holder must currently hold or be able to achieve NSV SC. Desirable Experience working in the UK nuclear or regulated industry is highly desirable. Experience in a complex project environment including change control processes. A recognised security certification is desirable e.g. CISMP, Security , CEH. Experienced in specifying, designing and producing technical documentation to exacting standards. Excellent written English, including the preparation of suites of technical documents. Track record of providing innovative solutions within a technically complex environment - ideally within the nuclear sector Technical knowledge of physical, personnel and cyber security management systems and solutions. Experience of National Cyber Security Centre (NCSC) and Centre for the Protection of National Infrastructure (CPNI) methodologies, highly desirable. Experience working in a Project Organisation and/or with a Design Authority Our values stand on a foundation of safety, integrity, inclusion and diversity. We put people at the heart of our business and we truly believe that by supporting one another through our culture of caring, we all succeed. We value positive mental health and a sense of belonging for all employees. Find out more about life at Jacobs. We aim to embed inclusion and diversity in everything we do. We know that if we are inclusive, we're more connected, and if we are diverse, we're more creative. We accept people for who they are, regardless of age, disability, gender identity, gender expression, marital status, mental health, race, faith or belief, sexual orientation, socioeconomic background, and whether you're pregnant or on family leave. This is reflected in our wide range of Global Employee Networks centred on inclusion and diversity - ACE, Careers, Enlace..... click apply for full job details
Hamilton Forth are working with one of the world's leading commercial services business, to recruit a Group Data Privacy Manager to join its team. The successful candidate will be based at its office location in Edinburgh and support the Group Legal team and business units. They operate out of 200 sites located in more than 30 countries. This is a rewarding and varied role with a commercial focus will involve development, implementation and oversight of policies, procedures and practices necessary to ensure that the company complies with all applicable privacy laws and regulations and conforms to industry best practices. Responsibilities: Responsible for privacy by design and first point of contact for all privacy related matters Provision of guidance related to privacy matters in partnership with Human Resources, Procurement, Information Security and Sales/Marketing teams Chairing the Group Privacy Steering Committee Monitoring compliance with the Group's Policies and Procedures and providing updates on the data protection compliance programme to senior management Responsible for data mapping, carrying out regular audits and maintaining the data register Review or populate data processing agreements and EU standard contractual clauses Updating and rolling-out of training to staff to raise awareness of data protection and foster a data privacy culture within the Group Working with the Information Security team to ensure that systems and procedures comply with all relevant data privacy and protection laws, regulation and policy Cooperating with relevant supervisory authorities including in the event of any data breach which may need to be notified to the relevant authorities and to individuals (and assist with containment and mitigation of the breach) Advising in relation to data retention and deletion, particularly regarding HR files and employee data, including where held in offsite storage Assisting in relation to M&A due diligence and data privacy integration workstreams Supporting HR teams, including when responding to data subject requests and dealing with local regulators. Qualifications: Preferably hold at least one Data Protection and/or Privacy certification, such as CIPT/CIPM/CIPP Experience as a Group Privacy Manager/Data Protection Officer or a similar compliance role Expert knowledge of data privacy legislation including GDPR Knowledge of cyber security risks and information security standards. Experience working in a multi-site international business would be preferable. The company offer flexible working along with a competitive salary and benefits.
10/09/2021
Full time
Hamilton Forth are working with one of the world's leading commercial services business, to recruit a Group Data Privacy Manager to join its team. The successful candidate will be based at its office location in Edinburgh and support the Group Legal team and business units. They operate out of 200 sites located in more than 30 countries. This is a rewarding and varied role with a commercial focus will involve development, implementation and oversight of policies, procedures and practices necessary to ensure that the company complies with all applicable privacy laws and regulations and conforms to industry best practices. Responsibilities: Responsible for privacy by design and first point of contact for all privacy related matters Provision of guidance related to privacy matters in partnership with Human Resources, Procurement, Information Security and Sales/Marketing teams Chairing the Group Privacy Steering Committee Monitoring compliance with the Group's Policies and Procedures and providing updates on the data protection compliance programme to senior management Responsible for data mapping, carrying out regular audits and maintaining the data register Review or populate data processing agreements and EU standard contractual clauses Updating and rolling-out of training to staff to raise awareness of data protection and foster a data privacy culture within the Group Working with the Information Security team to ensure that systems and procedures comply with all relevant data privacy and protection laws, regulation and policy Cooperating with relevant supervisory authorities including in the event of any data breach which may need to be notified to the relevant authorities and to individuals (and assist with containment and mitigation of the breach) Advising in relation to data retention and deletion, particularly regarding HR files and employee data, including where held in offsite storage Assisting in relation to M&A due diligence and data privacy integration workstreams Supporting HR teams, including when responding to data subject requests and dealing with local regulators. Qualifications: Preferably hold at least one Data Protection and/or Privacy certification, such as CIPT/CIPM/CIPP Experience as a Group Privacy Manager/Data Protection Officer or a similar compliance role Expert knowledge of data privacy legislation including GDPR Knowledge of cyber security risks and information security standards. Experience working in a multi-site international business would be preferable. The company offer flexible working along with a competitive salary and benefits.
Application Architect (Azure, Dynamics, Logic Apps, Web Apps)
The UK’s leading provider of IT solutions and services is looking to hire an Application Architect (Azure, Dynamics, Logic Apps, Web Apps) within their rapidly expanding IT Team. The Application Architect (Azure, Dynamics, Logic Apps, Web Apps) is a combination of solutions architecture, application architecture and information security management.
The Application Architect (Azure, Dynamics, Logic Apps, Web Apps) will be challenged primarily with delivering the required IT architectural deliverables and associated expertise into the team for both BAU and project activities reporting directly to the IT Director.
Responsibilities of the Application Architect (Azure, Dynamics, Logic Apps, Web Apps)
* Ensuring that the SW IT managed systems are compliant with defined IT Governance and Security Policies
* Collation and definition of non-functional requirements
* IT solution design delivering traceability back to:
* Functional requirements where applicable
* Non-functional requirements
* policies
* Supporting the IT Director and Product Managers in the creation of yearly IT Roadmaps for the SW IT managed systems
* Responsibility for Information Security within the business
* Deliver the technical design/IT architecture aspects of the required system integrations with both clients and suppliers
* Manage/Deliver the required service definition and transition processes for all IT managed applications
* The development and maintenance of all IT architectural documentation supporting the IT managed systems
* Support the IT and Finance Directors in the tracking aspects of the IT budget where applicable including business case development and capex request submission
* The building and maintenance of strong working relationships with IT suppliers/support providers
* Deliver and/or management of the IT Solutions and application architectural resource and deliverables for the IT project portfolio
* Attendance and/or management of the IT change board
* Provide a point of escalation for the IT support teams members
Experience for the Application Architect (Azure, Dynamics, Logic Apps, Web Apps)
* Qualified to Degree Level or holds a professional IT qualification
* Minimum of three years delivery of IT Solutions and or technical/application architecture within an enterprise
* Strong IT architecture experience of working within IT governance and security policy frameworks
* Previous experience in certification with IS027001, maintaining an ISMS, and the auditing process
* Previous experience in InfoSec focused roles
* Proven delivery of IT architectural design compliant with defined IT standards
* Proven delivery of IT service definition and supporting management processes
* Proven track record in effectively managing people
* Proven delivery or IT system integration including:
* Document creation – Interface Control Documents
* Transport options and encryption
* Data mapping and validation
* Data Analytics/BI exposure
* Monitoring/logging configurations
* Understanding of application development processes and release management
* Experience managing stakeholders and developing relationships
* Strong understanding of Information Technology and Applications, including experience of Microsoft Dynamics CRM or Dynamics 365
* Proven delivery and management of cloud hosted infrastructure and application solutions – including the Microsoft Azure Platform
* Combines technical competence with business and commercial awareness and first-class communications skills
* Strong ability to work under pressure to meet deadlines
* Strong IT troubleshooting and investigation skills
29/10/2018
Application Architect (Azure, Dynamics, Logic Apps, Web Apps)
The UK’s leading provider of IT solutions and services is looking to hire an Application Architect (Azure, Dynamics, Logic Apps, Web Apps) within their rapidly expanding IT Team. The Application Architect (Azure, Dynamics, Logic Apps, Web Apps) is a combination of solutions architecture, application architecture and information security management.
The Application Architect (Azure, Dynamics, Logic Apps, Web Apps) will be challenged primarily with delivering the required IT architectural deliverables and associated expertise into the team for both BAU and project activities reporting directly to the IT Director.
Responsibilities of the Application Architect (Azure, Dynamics, Logic Apps, Web Apps)
* Ensuring that the SW IT managed systems are compliant with defined IT Governance and Security Policies
* Collation and definition of non-functional requirements
* IT solution design delivering traceability back to:
* Functional requirements where applicable
* Non-functional requirements
* policies
* Supporting the IT Director and Product Managers in the creation of yearly IT Roadmaps for the SW IT managed systems
* Responsibility for Information Security within the business
* Deliver the technical design/IT architecture aspects of the required system integrations with both clients and suppliers
* Manage/Deliver the required service definition and transition processes for all IT managed applications
* The development and maintenance of all IT architectural documentation supporting the IT managed systems
* Support the IT and Finance Directors in the tracking aspects of the IT budget where applicable including business case development and capex request submission
* The building and maintenance of strong working relationships with IT suppliers/support providers
* Deliver and/or management of the IT Solutions and application architectural resource and deliverables for the IT project portfolio
* Attendance and/or management of the IT change board
* Provide a point of escalation for the IT support teams members
Experience for the Application Architect (Azure, Dynamics, Logic Apps, Web Apps)
* Qualified to Degree Level or holds a professional IT qualification
* Minimum of three years delivery of IT Solutions and or technical/application architecture within an enterprise
* Strong IT architecture experience of working within IT governance and security policy frameworks
* Previous experience in certification with IS027001, maintaining an ISMS, and the auditing process
* Previous experience in InfoSec focused roles
* Proven delivery of IT architectural design compliant with defined IT standards
* Proven delivery of IT service definition and supporting management processes
* Proven track record in effectively managing people
* Proven delivery or IT system integration including:
* Document creation – Interface Control Documents
* Transport options and encryption
* Data mapping and validation
* Data Analytics/BI exposure
* Monitoring/logging configurations
* Understanding of application development processes and release management
* Experience managing stakeholders and developing relationships
* Strong understanding of Information Technology and Applications, including experience of Microsoft Dynamics CRM or Dynamics 365
* Proven delivery and management of cloud hosted infrastructure and application solutions – including the Microsoft Azure Platform
* Combines technical competence with business and commercial awareness and first-class communications skills
* Strong ability to work under pressure to meet deadlines
* Strong IT troubleshooting and investigation skills
