Information Security Specialist
This role of the Information Security Specialist is to support the delivery of the Information Security Strategy across BBC Worldwide. Reporting to the Information Security Manager, the candidate will be responsible for ensuring that data within the BBC Worldwide is protected, in accordance with the needs of the business and according to Information Security principles of availability, integrity and confidentiality. You will be supporting a fast paced and dynamic business with a truly global reach.
- Support the ongoing development of information security delivery through the application of specialist knowledge and capability.
- Lead on analysing security related output from Managed Security Service Providers (MSSP), internal Infrastructure and Web Operations departments to identify risks and required actions.
- Day to day management of the Vulnerability Management Program, including managing schedules, obtaining internal and third party scan approvals, and managing the output of scans through to risk mitigation.
- Conduct third party security assessments of new vendors and suppliers involved in the digital supply chain.
- Provide security expertise and assistance to all business areas and regional offices on good practice and requirements, to ensure BBC Worldwide information is appropriately protected, providing constructive challenge and using persuasion and negotiation to drive policy compliance.
- Ensure knowledge and understanding keeps pace with the ever changing technologies and threats posed to BBC Worldwide and the media industry in general.
- Plan, supervise and review workloads for analysts/junior analysts within the team undertaking appraisals of performance where appropriate.
- Work with Service Management function in support of administration and governance of Joiners, Movers and Leaver’s process, Privilege Account Rights Management and Change Control approval.
- Act as an authoritative subject-matter expert: making recommendations to project teams, sponsors and senior management with regard to identified Information Security risks and formulating suitable recommendations and policies as required.
- Maintain high standards and reflect this through Information Security output.
- Facilitate the ongoing development of information security policy and processes.
- Produce regular management reports on the status of Information Security metrics.
The Ideal Candidate
- Good technical understanding of the concepts and technologies used to provide Network security, Endpoint protection, Database security, Cloud (IaaS/SaaS/PaaS) security, Mobile security, Web & Internet security, Messaging security and Content Delivery Network security.
- Good experience of managing vulnerability management programs.
- The ability to identify and solve varied problems by the application of a suite of complex tools and techniques.
- Agile & flexible with a “can do” attitude.
- In-depth knowledge of relevant legislation, codes of practice, guidance and operating procedures.
- Highly effective and creative problem-solving skills, across a broad range of scenarios that both deliver novel solutions and enable continual improvement in existing threat mitigation and counter measures.
- Ability to convey and explain complex technical information to non-technical staff and to all levels of the organisation.
- Demonstrable experience of writing information security reports, documentation and standards accurately and to designated timescales.
- Excellent written and verbal communication and presentation skills.
- Confidence to make decisions where appropriate and to ask for assistance when necessary.
- Ability to manage multiple tasks and work streams effectively and prioritise accordingly.
- Previous experience of Public Sector or Media organisations.
- Understanding of methods used to protect media content, conditional access (CA) and Digital Rights Management (DRM) systems and digital watermarking.
- An understanding of the culture and ethos of the BBC Worldwide and the wider BBC.
- View Security as an enabler to the business.
- Experience of working in an organisation with a distributed hierarchy and using multiple outsourced support companies.
- Understanding of how information security strategy aligns with business and technology strategies
About the Company
BBC Worldwide Limited is the main commercial arm and a wholly owned subsidiary of the BBC. BBC Worldwide exists to support the BBC public service mission and to maximise profits on its behalf. It does this through investing in; commercialising and showcasing content from the BBC in the UK and around the world, In 2016/17, BBC Worldwide generated headline profits of £157.3m and headline sales of £1,059m. The UK region delivers nearly a third of BBW’s revenues (c£381m), across a broad range of sectors, including Channels, TV Distribution, Consumer Products, Live Events, Publishing and e-Commerce.