The IT department is responsible for the design, build & support of the Club's IT systems, telephony and supporting infrastructure and network.
The Information Security Manager is a broad, hands-on role responsible for identifying cyber risk, supporting the definition of the strategy to address risk, and creating a detailed and prioritised programme of work in line with the strategy to address that risk. This role will need to drive the IT Team and any third parties to execute this programme of work and support the communication and implementation of any end-user impacting elements across the Club. In addition, this role will be responsible for any regular security testing and achieving any relevant accreditation for compliance purposes (e.g. PCI, PSD2).
This role will also be the key point of escalation for any security breaches and provide assurance from a cyber security perspective for any existing or new technology at the Club.
It is expected that this role will act as the Club's trusted adviser on all cyber security matters.
Support the definition of our cyber strategy to address risk, and create a detailed and prioritised programme of work in line with the strategy to address that risk
Drive the IT Team and any third parties to execute the cyber programme of work in a timely manner
Support the communication and implementation of any end-user impacting security initiatives across the Club
Perform regular security assessments based on an agreed security framework and maintain compliance against that framework
Ensure the Club has the appropriate tools, monitoring, reporting and escalation to maintain the appropriate level of cyber security
Manage relationships with third-party security suppliers
Provide assurance from a cyber security perspective for any current and new IT systems
Monitor and act upon outputs of security tools, intelligence sources and information provided via third parties relevant to the security of the Club
Help define and enforce the appropriate level of governance at the Club
Regularly report on cyber risks and mitigation plans for those risks
Act as first point of escalation for any security breaches and be responsible for the investigation, documentation and future mitigation of that breach
Create a 'security aware' culture at the Club
Ensure the currency of any policies and procedures in the Club relevant to cyber security
Keep abreast of, and communicate, best practice and new developments in the cyber security industry
Identify risks in IT infrastructure and systems where vulnerabilities could lead to degradation or loss of service
Work with the IT Team to ensure remediation of those vulnerabilities
Manage annual penetration testing exercise (internal, external, web application, firewall)
Manage remediation plan for non-compliant items
Manage any ad-hoc tests for existing or new systems
Match/Event responsibilities and organisation
Out of hours support
In the case of a security breach only
MAIN JOB REQUIREMENTS AND PERSON SPECIFICATION
Educated to Degree level (or equivalent)
IT security qualification such as CISM, CISSP or similar
Technical background desirable
Significant breadth of experience of IT security and data protection compliance, preferably within a blue-chip organisation including:
- analyse the risk associated with data processing operations and have due regard to such risk
Arsenal FC is committed to the principle of equal opportunity and its policies for recruitment, selection, training, development and promotion are designed to ensure that no job applicant receives less favourable treatment on the grounds of race, colour, nationality, religion or belief, sex, sexual orientation, marital status, age, ethnic and national origin, disability or gender reassignment.