Head of Information Security - 9 month contract
Reporting to the Director of PMO and Risk Management the Head of Information Security is a senior leadership role with enterprise responsibility for overall Information Security, including standards, procedures, and guidelines across Camelot Lottery Solutions. The individual has global responsibility for execution of all Camelot Lottery Solutions information security policies and procedures, and is responsible for the organisation’s overall information security position and user awareness levels.
The Head of Information Security will also be the Camelot Lottery Solutions Data Protection Officer. Responsibilities will include building effective processes to deter data and privacy breaches, as well as having crisis management processes in place to address and manage any occurrences. The scope of this role covers all information security technologies and services, as well as access control management over all client and internal data/systems environments. The Head of Information Security drives the overall direction of the information security architecture and will build and manage the ongoing execution of a security operations centre in technology areas such as applications, data protection, as well as all information systems security monitoring, analysis, detection and incident response processes. Additionally, the new information security leader will be responsible for appropriately organising, recruiting, and structuring the information security organisation.
Purpose of role:
Camelot Lottery Solutions are embarking on a large security and privacy transformation programme and require someone to lead both the programme and new security and privacy function. Specifically this role has been created to:
- Deliver security management for Camelot Lottery Solutions ensuring confidentiality, integrity and availability of systems, products and services.
- Ensure confidentiality of sensitive Camelot intellectual property is managed and maintained.
- Ensure integrity of gaming products is managed and maintained.
- Recruit and manage a strong information security function.
- Accountability for the execution of the Camelot Lottery Solutions Information Security Strategy and associated plan.
- Ensure security risks are identified and managed effectively.
- Provide assurance to customers with regards to security and undertake the work required to provide that assurance.
- Maintain compliance with ISO27001 and WLA SCS.
- Act as the Camelot Lottery Solutions Data Protection Officer and ensure CLS maintains compliance with the General Data Protection Regulation and associated local legislation in the jurisdictions in which it operates.
- Provision of thought leadership on matters of security.
- Maintenance of the information security management system and associated policies and processes;
- Maintenance of an inventory of personally identifiable information;
- Ensuring continued certification to ISO27001 and WLA SCS;
- Keep abreast of all appropriate published regulations and guidelines to ensure that the company remains in compliance. This would include performing regular research and analysis on current security methodologies, issues, technologies and associations;
- Recruit, Manage, Develop and Lead the Information Security team
- Be a member of the CLS Leadership Team and actively contribute to all aspects of the successful operation of the business.
- Identify, measure, control & minimise security and privacy risks.
- Manage the information security and privacy budget.
- Manage the operational team that protects, defends and can respond to threats to Camelot Lottery Solutions and its customers.
- Anticipate, influence and assist the organisation to assess and rapidly adjust to changing threat conditions and trends (internal and external).
- Be a trusted partner to stakeholders.
- Implement measurement procedures (KPI, metrics) to assess and track exposure, risks and effectiveness of countermeasures for the Board and for Customers.
- As part of the senior nature of this role, you’ll be required to be available outside of normal office hours in an ‘on duty’ capacity. This aspect of your role is fundamental to ensuring Camelot’s business continuity in the event of system failures or other such emergencies.
This role is a vitally important one for Camelot Lottery Solutions. The successful individual will be the most important Information Security professional across the global organisation, and will advise the most senior of Camelot employees on Security Strategy. As well as having the experience and influence to operate in this manner, you will have:
- Previous experience in software engineering and / or application security with a demonstrable detailed knowledge of the application security domain
- Ability to articulate complex technical or sensitive issues to a wide and / or senior audience is essential
- Demonstrable experience of delivery of security and / or privacy transformation programmes
- Ability to demonstrate an understanding of common security and privacy standards / regulations in particular PCI-DSS, GDPR and ISO27001
- Past or current experience leading an information security function.
- Demonstrable past working experience in assessing, resolving and documenting complex security issues, devising plans to address those problems, and successful execution of those plans.
- Strong understanding of external and internal threat landscapes
- Understanding of information security governance and risk management principles