Business Information Security Officer
Luton/Hybrid
COMPANY
When it comes to innovation and achievement, there are few organisations with a better track record. Join us and you’ll be able to play a big part in the success of our highly successful, fast-paced business that opens up Europe so people can exercise their get-up-and-go. With over 250 aircraft flying over 700 routes to more than 30 countries, we’re the UK’s largest airline, the fourth largest in Europe and the tenth largest in the world. Flying over 70 million passengers a year, we employ over 10,000 people. It’s big-scale stuff and we’re still growing.
TEAM
The Digital Safety Team plays a critical role in keeping easyJet’s data safe and secure. At easyJet we refer to Digital Safety as the discipline of being cyber secure, cyber resilient and in control of the data that we process. The team is responsible for the day-to-day secure operations, governance, risk and compliance.
JOB PURPOSE
This role is part of the BISO team and manages the relationship between the Digital Safety team and the business. The objectives of the BISO are to support the strategic direction of information security into the business, as well as representing business requirements into the Digital Safety Team.
You will build strong, trusted relationships with business leaders providing advice, guidance and recommendations, whilst ensuring that the business maintains compliance with easyJet’s information security requirements, including relevant legislation and regulations. You will act as a subject matter expert for information security and be able to communicate information security requirements in business language.
JOB ACCOUNTABILITIES
⦁ Build enduring relationships and provide strategic advice and recommendations to business leaders to support them in aligning their practices with information security requirements and ensure they maintain compliance with policies and standards.
⦁ Be a champion for Information Security, building and maintaining a positive culture of security within the business: demonstrate your enthusiasm for information security and how this can support the business and reduce the risk of their operations being affected by a security incident. Encourage timely completion of all security awareness training and encourage participation in Digital Safety events and initiatives.
⦁ Find solutions to specific business challenges that balance business needs with information security controls, and provide optimisations to reduce friction and burden, whilst ensuring that information security outcomes are achieved.
⦁ Support departments in making business cases which support the improvement of information security controls.
⦁ Act as a point of contact and liaison between the Digital Safety Technical Security team and the business as part of the security incident management process, ensuring actions required by the business are directed to the appropriate personnel and representing the requirements of business-critical functions back into the process.
⦁ Support the management of risk-based decision-making in the business by owning actions to address information security risks, maintaining a risk register for your area of the business, and reporting these into regular forums and committees.
⦁ Ensure Data Privacy requirements are managed adequately by the business, working in partnership with the Data Protection Officer (DPO).
⦁ Work closely with the wider Digital Safety team to stay abreast of security risks, threats, emerging trends, technologies and legislation which may impact the business.
⦁ Provide continuous feedback and regular reporting into the Digital Safety team and senior stakeholders, including how the business is performing against security policies, recommendations for the mitigation of information security risks within the business, improvements made, challenges to be addressed and the impact of any recent or proposed business changes.