Information Security Director (Powell)

Our company has a collaborative, professional, and fun atmosphere and we offer an exciting array of opportunities for career-minded people with an entrepreneurial spirit.

We are dedicated to growing our business to be the largest single provider of emergency plumbing, electrical, heating and cooling repair services in the nation, while focusing on our mission
– to free our customers from the worry and inconvenience of home emergency repairs.

HomeServe USA is an independent company separate from your local utility or community.

HomeServe USA, a 2019 certified Great Place to Work, provides emergency repair plans which are like roadside assistance for your home.

Our vision is to become the top-of-mind solution for consumers when something goes wrong in their home.

Our incredible growth is fueled by a dynamic team who values collaboration, innovation and delivering exceptional customer service, all while working in a fun and friendly environment.

HomeServe USA is part of a global organization that serves millions of customers in the US, UK, France, Italy and Spain.

Come see why you should work for HomeServe USA Responsibilities PURPOSE OF YOUR ROLE The role exists within the Group CISO team and supports the business in the protection of the Confidentiality, Integrity and Availability of information held and processed by, or on behalf of, HomeServe.

DIMENSIONS Office based with some travel to suppliers and to attend other HomeServe sites.

Involves some supplier management and third party oversight.

PRINCIPAL ACCOUNTABILITIES High level accountabilities: Prevent and manage Information Security incidents.

Governance of Information Security controls within HomeServe and its third parties.

Reduce and manage Information Security risks, maintaining risk registers and associated improvement plans.

Raise awareness of Information Security.

Monitor system use and identify breaches.

Organise, plan and deliver the information security improvement programme.

Reporting of Information Security Metrics, identification of Gaps and tracking improvements.

The delivery of the high level responsibilities will include (but not be limited to): Drive security requirements in the business and advise business stakeholders on security matters.

Provide the link between all parties and stakeholders involved in the field of cyber and information security, including local management, IT teams and other Group security functions.

Help to define and influence the Group s information security strategy.

Manage and drive the security roadmap in the business and ensure the strategy is delivered.

Sponsor, oversee and guide the delivery of security projects.

Maintain visibility and monitor the operation, effectiveness and performance of cyber and information security controls, ensuring they remain fit for purpose and that issues are identified, remediated and reported/escalated as needed.

Review and approve changes in line with security considerations.

Influence and assist development of information security policies, standards, and other requirements interpreting them in relation to specific business information systems.

Drive adoption of and manage compliance with group information security standards and policies and compliance with relevant legislation/regulation and external standards obligations such as PCI DSS.

Review the cost-effectiveness and practicality of existing information security procedures and systems.

Make suggestions for the improvement of these procedures and systems.

Provide technical advice to, and oversight of, those who install, administer, and update computer-based security solutions, controls and configurations.

Support new acquisitions ensuring security improvement plans are in place and that cyber risk is properly managed.

Provide updates and risk information to the Group CISO and senior business stakeholders.

Prevent information security incidents and lead information security incident response within the business.

Lead security incident response and resolution activities.

Working with BC and DR stakeholders as necessary.

Documentation of information security incidents as well as the analysis of the circumstances enabling or permitting these incidents to take place.

Work with internal and external audit functions to deliver audits efficiently and remediate findings.

Ensure third parties are delivering services securely and within risk appetite, including working with procurement teams as necessary.

Provide users and management with support and guidance on matters related to information security.

Act as a resource to users, user department management, and others within the company who are seeking more information about information security.

Deliver and define cyber and information security awareness for the business following centrally devised/agreed approaches and plans.

Design, develop, deliver, or oversee the delivery of classroom training and/or other information security awareness programs (videos, memos, computer-based training, etc.) delivered to users, technical staff, and management.

Stay informed about the latest developments in the information security field, including new products and services, through on-line news services, technical magazines, professional associations, industry conferences, training seminars, and other information sources.

Maintain an understanding of the requirements of industry specific regulations such as PCI-DSS.

Oversee and advise on physical security controls that protect HomeServe premises.

The profile above is not an exhaustive list of the activities that the role holder may be required to undertaken.

The Company may require the role holder to perform other duties as the Company deem necessary to fulfil the requirements of the role.

Qualifications KNOWLEDGE & EXPERIENCE 5 years dedicated to Information Security Bachelor’s degree preferred or equivelent experience in they cybersecurity field Conversant in the latest developments and technologies in the Information Security industry.

Knowledge of networking foundations; IP Addressing, DNS, routing etc Experience with computer network penetration testing and techniques.

Understanding of firewalls, proxies, SIEM, antivirus, IDS/IPS and other technical security solution concepts.

Ability to identify and mitigate network vulnerabilities and explain how to avoid them.

Understanding of patch management with the ability to deploy patches in a timely manner while understanding business impact.

Ability to communicate and work with all levels within the business.

An understanding of Information Systems technology and paper handling processes.

Pragmatic and diplomatic approach to problems and high level incidents.

Excellent communication skills and the ability to build relationships at all levels of the organisation.

Organised, efficient and accurate.

The ability to work independently with minimal supervision.

The desire to remain conversant with developments in the information security industry and to develop further knowledge.

Information Security qualification and several years direct experience in the field of Information Security.

SPECIFIC REGULATORY KNOWLEDGE & COMPETENCIES Experience in an FCA or PRA regulated business is desirable.

Knowledge and experience of ISO27001 and PCI DSS.

In return we offer Competitive compensation Career development and advancement opportunities Casual attire throughout the week Friendly, open and team oriented work atmosphere Excellent benefits including generous medical, vision, dental and life & disability insurance 401(k) plan with a company match HomeServe USA is an equal opportunity employer.

Sorry the Share function is not working properly at this moment.

Please refresh the page and try again later.

Associated topics: attack, forensic, iam, information security, leak, phish, protect, security, threat, vulnerability