Serco operates in six sectors of public service provision: Health, Transport, Justice, Immigration, Defence, and Citizens Services.IT Services, as part of Corporate Shared Services, is a highly diverse and continuously evolving business. Part of its success is dependent on providing high quality core support services to the wider Serco Group.
About the role
This role will play a key role in assisting in the enhancement of CSS, and Serco’s risk, compliance and assurance culture across the business as well as measuring and reporting on its effectiveness, thereby reducing risk.
You will established close links with the Serco Divisions, Legal and other regulatory teams to ensure an integrated and efficient approach to the management of risks and compliance to deliver combined assurance.
Core to this role is delivering management of the Serco UK Assured Zones Information Security Management System – providing evidence to the wider CSS Compliance Team and external auditors that Serco is delivering operational security risk management.
Finally you will underpin the wider corporate Serco compliances and certifications and be required to provide maintenance of compliance with both regulatory and contract-specific security requirements, such as Security Policy Framework, PCI-DSS, DPA and ISO27001.
The post will require an element of flexibility and will involve some travel to Serco sites across the UK.
Experience in system and event analysis on a large scale with strong analytical and problem solving skills.
You will be knowledgeable in the impact of risk and risk Management in a business as well as specific understanding of risk and compliance process theories/practices.
Experience in risk and compliance in a multinational and similarly diverse service organisation and an understanding of risk types and how they impact a business.
Knowledge and understanding of multiple Information Security-related requirement sources/standard, examples:
The Government Security Policy Framework (SPF), along with HMG and CESG security standards, memoranda and guidelines.
PCI-DSS, PA-DSS (Payment Card Security)
ISO27001 (Information Security Management)
N3/NHS codes of connection.
PSN connectivity and codes of connection.
Data Protection Act.
UK Government Cyber Essentials Scheme.
You must register to apply for this job.