Highways England are inviting a secondment from the partners of the Motorway Alliance for the position of Information Security Lead.
ABOUT THE MOTORWAYS ALLIANCE
The Motorways Alliance is part of the largest road investment in a generation to modernise, maintain and operate the strategic road network. The Motorways Alliance will increase lane capacity through embedding roadside technology and converting hard shoulders to all-lane running. The Motorways Alliance will transform the delivery of the SMP (Smart Motorways Programme) through the development, design and build of multiple road schemes under a single contract for up to 10 years with an estimated overall program value of £4.5 billion. Motorways Alliance is a national programme with the aim to have exemplar performance in terms of safety, cost, time and quality. The Motorways Alliance is comprised of seven partners - Highways England, Fluor, WSP, Jacobs, Costain, Balfour Beatty and BAM/Morgan Sindall. Over the 10-year core period Highways England will release funded packages of work to deliver key programme outcomes. Partners will be collectively responsible and rewarded based upon delivering efficiencies to the Alliance budget. A commercial relationship that enables common goals and aligned incentives rewarding out performance. The Motorways Alliance aims to be recognised as an exceptional place to work through living its vision and mission and demonstrating a culture of collaborative behaviours and leadership. The Motorways Alliance has ambitious goals around the implementation of training to ensure the right culture and behaviours in line with the Behavioural Maturity Framework. Measurements of performance will be expected through such mechanisms as the IBIP process and will continue throughout the duration of the Alliance.
ROLE SUMMARY
Reporting into the Head of Systems, Integration and Technology, the Information Security Lead will manage all aspects of the information security requirements for the alliance, from developing the Alliances Information Security Strategy, through to managing the training of the workforce in all areas related to information security.
You will manage diverse stakeholders both internally and externally in order to deliver the information security governance to meet the alliance information security objectives whilst aligning with Highways England information risk and protection posture.
You’ll support the integration of a diverse IT ecosystem across partner organisations to leverage best available solutions and reduce interfaces between partners IT ecosystems.
This is a unique opportunity to join a ground-breaking Alliance model to deliver SMART Motorways in England over the next 10-year duration.
ROLE REQUIREMENTS
• Develop the Alliance Information Security Strategy either based on elements from some or all, of the Alliance partner organisations Information Security policies and procedures or by defining Alliance specific ones.
• Act as the focal point between Highways England Information Security and the Alliance.
• Maintains the Alliance approach to Confidentiality, Integrity and Availability (CIA triad).
• Work closely with the Alliance to identify and manage the risks around information security and data protection and ensure compliance with ISO27001, ISO27002 and Cyber Essentials accreditations. These accreditations would originally be from the individual partners organisations, but in time, may need to obtain these or similar accreditations for the Alliance directly.
• Conduct analysis and reviews following any breaches of information security controls and preparing recommendations for any appropriate control improvements.
• Participate in annual and strategic planning (such as the Digital Governance Steering group), to align IT security with business strategies.
• Establish and maintain the Alliance security stance through architecture design, security awareness training program, and security documents (policies, standards, baselines, plans, and procedures).
• Oversee the selection of appropriate security solutions, and oversight of any vulnerability audits and assessments.
• Deliver the Information Security governance and reporting structure in line with contract and best practice
• Supports Alliance operations to establish business continuity and disaster recovery objectives.
• Develops and maintains training and awareness programs in coordination with the Alliance Communications function to support information security and cyber security capital knowledge within the Alliance.
• Leverage ‘Best Practice’ security principles and standards to further secure the Alliance's assets.
• Interface with the Alliance with regards to the IT Governance and Compliance for information security quality assurance, regulatory compliance and system or application validation.
The successful candidate will be able to demonstrate the following:
• Proven industry experience working on ISO27001, ISO27002 and GDPR.
• Strong knowledge and understanding of security controls and the ability to evaluate their effectiveness and make recommendations to mitigate risk.
• A good understanding of assurance methodologies, test and auditing protocols.
• Experience with delivering IT security accreditation and maintaining compliance as well as associated periodic reporting regimes.
QUALIFICATIONS:
• Accredited degree in an applicable field of study (preferably engineering, science or technology).
• Experience with Information Security and Information Technology across large companies, on large-scale systems, preferably across multiple hardware and software platforms.
• Ability to thrive in a cross-functional environment.
• Ability to communicate effectively with a wide range of audiences from senior level managers through to co-workers, teams, vendors, contractors and other stakeholders.
• IT and / or Digital background managing diverse or complex requirements in consortiums, joint ventures or alliances is preferred.
MOBILITY:
The work will be mainly performed virtually & felxibly with the likelihood of travel to sites and offices throughout the UK as required.