Information Security Analyst

Posted 3 months ago

As a member of the Information Security Team, and working closely with colleagues within technology and across the business, this role will maintain IT security and ensure the protection of our data assets according to industry-specific regulations such as CAP1753 and other accreditations including PCI DSS and Cyber Essentials.

Principal Responsibilities

  • Manages the implementation and delivery of the airport’s information management system to achieve compliance with CAA regulations for information security.
  • Supports the Information Security Manager to implement and embed information security capability for the business by providing/applying specialist knowledge.
  • To create, maintain and regularly review plans, managing deliverables with cross-functional teams/stakeholders to ensure successful delivery to time, cost and quality.
  • To design, deliver and embed artefacts for The Company Information Security Management System (ISMS) e.g. information security assessments, policies, standards, processes or guidance.
  • To implement and coordinate the internal information security audit programme and maintain oversight of remediation activities.
  • To develop and deliver metrics and reporting to provide the Board/Executive Team oversight of the delivery of the programme and ‘security posture’ of the airport.
  • To facilitate strong relationships with colleagues across The Airport to implement and start to embed the ISMS.
  • To collaborate with the People Team to design and deliver information security training and awareness programmes.
  • To support and quality assure the information security risk process e.g. working with colleagues to control risks arising from policies.
  • Provide subject matter expertise to technology and non-technology projects across the business for both security and data protection.
  • Be a point of contact for support and guidance for all data protection enquiries, including Data Subject Access Requests.
  • Liaison with our Data Protection Officer (DPO).
  • Maintenance of our Record of Processing Activity (RoPA).

This is not intended to be an exhaustive list, and the role holder is expected to undertake any duties reasonably required to fulfil their role and support the business objectives.

Additionally, every employee is expected to:

  • Comply with all relevant legislation, health and safety requirements and company policies;
  • Engage in continuous personal development;
  • Promote the vision and values of Bristol Airport.

PERSON SPECIFICATION
Essential

  • Degree qualification or equivalent experience.
  • Information security qualification or equivalent experience.
  • Specialist subject matter expertise in information security, including knowledge of best practice standards/frameworks such as NIST, ISO27001 or CAP 1753.
  • Ability to understand technical security concepts, evaluate options and make risk-based decisions.
  • Significant experience of working effectively with partners and suppliers.
  • Ability to achieve results/influence diverse groups, including executives, managers, and subject matter experts.
  • Excellent verbal and written communication skills.
  • Demonstrable breadth and depth of experience and a proven understanding of information security, such as: policies, practices and technologies.
  • Experienced in risk and issue management/frameworks.
  • Capability to analyse and interpret data, draft reports/briefings for a range of audiences.
  • Excellent organisational and time management skills, with demonstrable experience in delivering multiple projects simultaneously.
  • Excellent IT skills – proficient in the use of a range of technologies in the delivery of information security services and Office365 or similar.

Desirable

  • IT Security related accreditation including CISSP or CISM
  • Data Protection related accreditation e.g. CIPP/E or CIPM
  • Payment Card Industry Professional (PCIP), or equivalent exposure to and experience of PCI DSS
  • Possesses technical knowledge of IT systems and network security
  • Project management skills including financial/budget management, scheduling and resource management
  • Proven leadership capabilities with the ability to coach, develop, empower colleagues across the business.
  • Experienced in the successful delivery of programmes/projects, through the application of project management methods e.g. Prince2 or Agile
  • Knowledge of modern security tools including SIEM products, firewalls and practical security standards including CIS.

Job Features

Job Category: Information Security Analyst
