COMPANY OVERVIEW
As a global leader in cash technology solutions, we provide the financial, retail, cash centre and gaming industries with confidence that their cash is protected and always working to help build a stronger business.
Our cash automation technologies and process engineering services help businesses in more than 100 countries optimise the handling, movement and management of cash. While we span the globe, we personally engage with each customer to address their unique challenges and goals — enhancing staff efficiency, reducing operating costs and enabling a more rewarding customer experience.
We offer peace of mind. We enable transformation. We generate options. We empower people. We do all this by releasing companies from the burden of cash management, putting cash to work, and helping customers enhance the value that their staff and facilities add to their business.
ROLE PURPOSE
In this newly created position, you'll use your knowledge and experience to support all Information Security and Data Protection compliance and governance activities. Compliance and governance is an area of increasing focus within the GGS Information Security and Data Protection team, and day to day you will provide support and guidance on these matters, particularly with regard to the implications of new products and services.
You will be expected to contribute and work in cross-functional teams, delivering accurate Information Security expertise on a regular basis, with an emphasis on timely advice, timely intervention, risk management and continuous improvement of embedded Information Security good practice, whilst keeping them informed of priorities and delivery progress. You will be responsible for the tracking of measures to mitigate Information Security risks, further expanding on our Information Security Maturity and Resilience measures to help protect the organisation against Information Security threats.
You will also work closely with key information security management stakeholders across the organisation and its operations, to adopt and enhance common frameworks and security governance, as well as managing the activities needed to attain and maintain SOC2 compliance, ISO27001 and PCI-SSS.
Working closely with the GGS Head of Information Security and GGS CISO, this role will help identify, implement, and maintain suitable Information Security Compliance for Glory products and services.
You must be a highly effective communicator and a supportive team player, taking a consultative approach whilst maintaining the integrity and independence of the Legal department.
MAIN RESPONSIBILITIES
- Develop, maintain, evaluate and implement policies and procedures in line with business requirements, compliance requirements and national/international legislative or regulatory changes.
- Support the management of relevant security compliance certifications, including SOC2, PCI, ISO27001 and Cyber Essentials, whilst contributing towards the ongoing compliance roadmap.
- Act as subject matter expert to the business on responsibilities regarding security-related frameworks and compliance standards.
- Provide expert advice to key stakeholders on all Information Security governance and compliance matters.
- Perform Information Security and Data Protection audits and assessments in line with compliance standards. Develop action plans to address identified non-compliances.
- Maintain and develop the Information Security Governance, Risk and Compliance tools (OneTrust).
- Contribute to the production and circulation of reports to demonstrate the effectiveness of Information Security controls and processes.
- Contribute to the security awareness and educational activities across the organisation as required.
- Work closely with internal teams to ensure compliance with Information Security whilst supporting the goals of the business.
ADDITIONAL RESPONSIBILITIES
- Conducting Information Security and Data Protection Reviews on new and current Glory products and IT systems and working with stakeholders to resolve identified risks.
- Providing expert Information Security risk based advice on Third Party Vendors through the lifecycle of contract relationships.
- Providing reviews of technical architecture design documentation to make risk based recommendations and assessments to aid the business in delivering security and privacy by design.
- Monitor the operation of security controls and propose improvements or new or revised controls in order to keep the impact and occurrence of information security incidents within the business’s risk appetite levels.
- Ensure key Information security internal and external documentation is in place for GGS Products and services delivered.
- Handle day to day security incidents and escalate when appropriate.
- Provide appropriate levels of documentation on security controls, incidents, and risks.
- Co-ordinating and responding to customer due diligence requests.
- Identify, engage and manage 3rd party organisations to ensure appropriate vulnerability assessments and penetration testing are conducted to ensure the rigour of information security processes and systems. Provide recommendations to minimise the likelihood and impact of any denial of service, penetration, or fraudulent activities / attacks that could affect brand or business.
- Identify and track security best practices to allow the review of the effectiveness of the information security controls and the implementation of co-ordinated across the organisation to maintain/improve information security.
REQUIRED EDUCATION AND QUALIFICATIONS
Education Level:
- A proven track record in Information Security
- A technical degree or professional qualification (e.g. CISSP, CISM, CISA)
REQUIRED SKILLS AND COMPETENCIES
- Must have experience in Information Security Governance.
- Must have experience with the ISO27001 or SOC2 standards.
- Experience in PCI standards, including PCI SSF, is an advantage.
- Understanding of software development lifecycle and project management techniques, applying Information Security principles as appropriate.
- Knowledge of legal and regulatory requirements relevant to Information Security; knowledge of relevant Data Protection laws, including GDPR and CPRA, is an advantage.
- Understanding of enterprise risk management methods.
- IT skills are important as is the ability to interpret technical solutions to ensure the risks are identified and appropriate controls and safeguards applied.
- Working technical knowledge of infrastructure, networks, databases and systems in relation to Information Security and Risk is an advantage.
- Must be well organized, efficient and have ability to prioritize and to work well under pressure.
- Must have ability to handle multiple tasks and meet conflicting deadlines in short timeframe.
- Must have excellent attention to detail and strong writing and communication skills.
- Must have the ability to exercise independent judgment and determine when consultation with others (such as lawyers, sales executives etc.) is required.
- Ability to work autonomously.
- Proficient use of Microsoft Office, including Word, Excel and PowerPoint.
- Knowledge of OneTrust considered an advantage.
- Comfortable to challenge seniority and existing processes.
- Must be a good team player.
- Proficient in spoken and written English.
GLORY SPIRITS
The Glory Spirits & Behaviours reflect the values and behaviours that are critical to the ongoing success of Glory and as such represent the foundations of our behaviour globally to lead us to realise our mission:
Value Creation – strive to create value for customers
Self-Starter – understand the objectives of your own work and are proactive in achieving goals
Collaboration – respect diversity and create a culture of collaboration to work with each other to achieve a common goal
Integrity – understand Glory’s Mission and act with responsibility and pride to realise achievement and act and behave with high integrity and a strong sense of ethics
Own Growth – leverage our own talent and achieve personal development by adopting a broader perspective; looking beyond our own work.
Glory believes in equal opportunity for all qualified persons and will not discriminate against any applicant for employment because of race, colour, religion, marital status, national origin, gender, age, disability, veteran status, or any other status protected by law.
Third Party Agencies
Unsolicited resumes will not be accepted by Glory. Should an agency choose to send unsolicited resumes, Glory reserves the right to review such resumes but will not be held liable for any fees/charges associated with a candidate hire except where a formal written agreement is in place between Glory and the Agency to source candidates for a specific role.