CISO

Telefónica Tech (part of the Telefónica Group) is a leading NextGen Tech solutions provider with a highly diversified team of over 6,000 exceptionally skilled employees and +60 nationalities.

We serve more than 5.5m customers everyday in over 175 countries, with a global ecosystem of market-leading partners. Global strategic hubs: Spain, Brazil, the UK, Germany.

The Telefónica Tech UK&I hub has an end- to-end portfolio of market leading services and develops integrated technology solutions to accelerate digital transformation through: Cloud, Data & AI (Adatis), Enterprise Applications (Incremental), Workplace Services and Cyber Security & Networking.

Values: Open, Trusted and Bold

Trusted Partners:

• Microsoft: Top 3 Service Providers, Azure Expert Status, Fastrack & Inner Circle Partner
• HPE: Platinum Partner – FY23 UK&I Solution Provider of the Year
• Fortinet: Elite VIP Program – one of only 2 in the UK
• Palo Alto & Crowdstrike: part of our NextDefense Cyber Security Portfolio

Chief Information Security Officer

The role of CISO will be focused on ensuring that the UK&I business is managing its security services and developing policies and practices that will protect the business-critical data. In addition to the proactive protection of our systems the CISO will also be involved in preparedness for and leading within any cyber security breaches within the organisation, working hand in hand with our data protection officer and compliance teams to ensure the impact of any attack is managed.

This role needs to maintain an understanding of, and respond to, market dynamics, articulating these along with any competitive intelligence back into the organisation to help with product development as well as improving our internal security posture.

A key aspect will be the drive of security culture, not just a cross the organisation, but also the culture of the security teams themselves. This role needs to be an enabler for risk informed business growth.

The CISO will be a pivotal insight across corporate and industry engagement, client delivery and internal systems, services and behaviours.

Location: Home-based with travel. Candidate must be UK-based with expected to travel to various UK sites

Key Responsibilities

• Develop, implement and monitor a strategic, comprehensive enterprise information security and IT risk management program for the UK&I organisation
• Provide in-depth security and risk reporting, demonstrating a clear ROI against security investments
• Work directly with the business units to facilitate risk assessment and risk management processes
• Develop and enhance an information security management framework
• Understand and interact with related disciplines through committees to ensure the development and consistent application of policies and standards across all technology projects, systems and services
• Act within the design assurance process, ensuring resilience is built by default
• Provide leadership to the enterprise's information security organisation
• Partner with business stakeholders across the company to raise awareness of risk management concerns
• Act as Telefonica Tech UK&I representative into key industry and regulatory bodies, such as the National Cyber Security Centre and ICO
• Develop and present security performance metrics, driving awareness of maturity and security posture
• Develop a culture of consistent and effective security awareness, being the embodiment of that culture
• Lead on the execution of incident response plans, including regular testing and improvement plans
• Assist with the overall business technology planning, providing a current knowledge and future vision of technology and systems
• Drive the integration into the wider Telefónica security policies and procedures
• Deliver quantifiable security risk insights into the UK management board, informing risk decisions
• Work with the Cyber security customer-focused teams to help develop security products and services
• Promote thought leadership through marketing channels to the industry to raise Telefónica’s security visibility and presence in the market
   

Skills & Experience

• Experience in a CISO level role or equivalent within a commercially oriented organisation
• Knowledge of common information security management frameworks, such as ISO/IEC 27001, MITRE ATT&CK, and NIST
• Knowledge and experience across multiple technological constructs, such as Cloud, DevOps, AsaService offerings, data and ideally AI
• Experience in security risk management and reporting at an executive level
• Excellent written and verbal communication
• Policy development and administration skills
• Supervisory and incident management skills
• Innovative thinking and leadership with an ability to lead, influence and motivate cross-functional, interdisciplinary teams
• Collaborative approach, with a propensity for fostering strategic relationships across the business
• Expert knowledge of regulation and compliance standards
• Proven problem-solving mentality leveraging internal and/or external resources

Key Words:

CISO - Chief Information Security Officer - Cyber Security - ISO 27001 - InfoSec - Security - Cyber Leader

We don’t believe hiring is a tick box exercise, so if you feel that you don’t match the job description 100%, but would still be a great fit for role, please get in touch.