Information Security Manager
Highbury House

Description

DEPARTMENT DESCRIPTION

The IT department is responsible for the design, build & support of the Club's IT systems, telephony and supporting infrastructure and network.

This encompasses:

  • Business facing application development and project management of systems
  • Application support
  • Service Desk and IT Operations
  • Matchday support for IT
  • Infrastructure Management
  • Network design & support

JOB PURPOSE

The Information Security Manager is a broad, hands-on role responsible for identifying cyber risk, supporting the definition of the strategy to address risk, and creating a detailed and prioritised programme of work in line with the strategy to address that risk. This role will need to drive the IT Team and any third parties to execute this programme of work and support the communication and implementation of any end-user impacting elements across the Club. In addition, this role will be responsible for any regular security testing and achieving any relevant accreditation for compliance purposes (e.g. PCI, PSD2).

This role will also be the key point of escalation for any security breaches and provide assurance from a cyber security perspective for any existing or new technology at the Club.

It is expected that this role will act as the Club's trusted adviser on all cyber security matters.

KEY RESPONSIBILITIES

Information Security

Support the definition of our cyber strategy to address risk, and create a detailed and prioritised programme of work in line with the strategy to address that risk

Drive the IT Team and any third parties to execute the cyber programme of work in a timely manner

Support the communication and implementation of any end-user impacting security initiatives across the Club

Perform regular security assessments based on an agreed security framework and maintain compliance against that framework

Ensure the Club has the appropriate tools, monitoring, reporting and escalation to maintain the appropriate level of cyber security

Manage relationships with third-party security suppliers

Provide assurance from a cyber security perspective for any current and new IT systems

Monitor and act upon outputs of security tools, intelligence sources and information provided via third parties relevant to the security of the Club

Help define and enforce the appropriate level of governance at the Club

Regularly report on cyber risks and mitigation plans for those risks

Act as first point of escalation for any security breaches and be responsible for the investigation, documentation and future mitigation of that breach

Create a 'security aware' culture at the Club

Ensure the currency of any policies and procedures in the Club relevant to cyber security

Keep abreast of, and communicate, best practice and new developments in the cyber security industry

Continuity Management

Identify risks in IT infrastructure and systems where vulnerabilities could lead to degradation or loss of service

Work with the IT Team to ensure remediation of those vulnerabilities

Penetration Testing

Manage annual penetration testing exercise (internal, external, web application, firewall)

Manage remediation plan for non-compliant items

Manage any ad-hoc tests for existing or new systems

Match/Event responsibilities and organisation

None

Out of hours support

In the case of a security breach only

MAIN JOB REQUIREMENTS AND PERSON SPECIFICATION

Education/Qualifications/Training:

Educated to Degree level (or equivalent)

IT security qualification such as CISM, CISSP or similar

Technical background desirable

Specific Experience:

Significant breadth of experience of IT security and data protection compliance, preferably within a blue-chip organisation including:

  • Experience with common information security management frameworks, such as International Standards Organisation (ISO) 2700x, the IT Infrastructure Library (ITIL) and Control Objectives for Information and Related Technology (COBIT) frameworks and Centre for Information Security (CIS)
  • Deep familiarity with applicable legal and regulatory requirements, including, but not limited to, GDPR, PCI-DSS, PSD2
  • Experience developing and maintaining policies, procedures, standards and guidelines
  • Experience in security testing (e.g. vulnerability scanning and penetration testing)
  • Experience of cloud-based security controls and implementation including Office 365 and Azure
  • Experience of managing a security programme of work
  • Experience in application development security testing (e.g. white box, black box and code review)
  • Experience of the implementation of end-user security training
  • Experience of security auditing
  • Experience of configuring and implementing a SIEM

Abilities/Skills/Knowledge

  • Expert knowledge of data protection law and practices, including an in-depth understanding of GDPR
  • Expert knowledge of PCI and PSD2 regulation
  • A thorough understanding of the technical architecture and concepts underpinning cyber security, including on-premises and cloud-based systems
  • Strong integrity and professional ethics
  • Independent thinker with strong initiative
  • Ability to communicate effectively with a range of stakeholders, including executive management
  • Strong relationship management and influencing skills
  • Strong project management skills
  • A strong understanding of the business impact of security tools, technologies and policies.
  • Strong analytical skills to:
      - analyse security requirements and relate them to appropriate security controls
      - analyse the risk associated with data processing operations and have due regard to such risk
  • Knowledge of and experience in developing and documenting security architecture and plans, including strategic, tactical and project plans.
  • Familiarity with the principles of cryptography and cryptanalysis
  • Proficiency in performing risk, business impact, control and vulnerability assessments

Arsenal FC is committed to the principle of equal opportunity and its policies for recruitment, selection, training, development and promotion are designed to ensure that no job applicant receives less favourable treatment on the grounds of race, colour, nationality, religion or belief, sex, sexual orientation, marital status, age, ethnic and national origin, disability or gender reassignment.

Closing Date: No closing date
