Head of IT Resilience, Information Security and GRC

Job Details: Head of IT Resilience, Information Security and GRC

Full details of the job.

Vacancy Name

Vacancy Name Head of IT Resilience, Information Security and GRC

Vacancy No

Vacancy No VN1767

Location City

Location City Multiple

Location Country

Location Country United Kingdom

Job Description

Job Title: Head of IT Resilience, Information Security and GRC
Reports to: Technology Director
Department: Technology
Location: London or Leeds

DEPARTMENT DESCRIPTION

The Technology department is led by the Technology Director who reports to the Chief Operating Officer; The Technology Department is charged with:

• Development, communication and execution of the company’s Technology Strategy, Governance processes, Architectural guidelines, and Risk management
• Change delivery for Platforms, Systems and Processes, supporting our business verticals
• Provision of secure, efficient and high-quality IT and Broadcast services

Driven by the Channel’s Future4 strategy, our business in the midst of an accelerated digital transformation. To deliver this future, Channel 4 are refreshing the operating model of the technology team. The operating model is aligned with the four key areas of Channel 4’s business, Content; Marketing and Viewer Experience (incl. All 4); Commercial; and Operations (incl. ERP), each having a technology leader embedded alongside the business leader.

These business orientated units will be supported by a strong central function that provides leadership and services through Governance Risk & Compliance, Service Management, and Strategy, Architecture & Data.

JOB PURPOSE

This exciting role will be on forefront of shaping the security architecture and protection of Channel 4’s data and IT platforms. The role has direct impact on the streaming experience of millions of viewers. The Head of IT resilience, Information Security and GRC role will focus on developing and driving Channel 4’s information and data security strategy and programme.

You will be responsible for providing leadership and management of the Channel 4 security and resilience function. The function is responsible for:

• Security Operations
• Security Awareness
• Security Architecture and Engineering
• IT Governance, Risk and Compliance
• IT Resilience

A successful candidate will be expected to lead by example to mature the security function and deliver a successful programme of improvements to Channel 4’s security posture, through influencing business and technology change, and through direct actions of the team they will manage.

The role will be ideal for an experienced security leader with good technical knowledge/experience and the ability to influence stakeholders across the organisation to win support for security and resilience initiatives.

KEY RESPONSIBILITIES

• Track and work to improve Channel 4 security posture proactively considering changing threat landscape.
• Advise Channel 4 senior leadership and other relevant stakeholders to enable effective decision making on information security matters.
• Keep stakeholders informed and motivated to support security initiatives.
• Provide leadership and senior voice on all matters relating to IT resilience and information security.
• Update and deliver the Channel 4 resilience and information security strategy aligned with wider business goals.
• Plan and manage the security budget together with the Technology function and the wider business.
• Lead work to simplify, mature and maintain organisational security policies, standards, and processes and procedures.
• Mature GRC practices of the Technology function.
• Be accountable for incident response and disaster recovery efforts in the event of security compromise or incidents.
• Deliver cost effective solutions to protect Channel 4’s information assets.
• Ensure effective security monitoring is in place.
• Produce and maintain the information security governance and risk frameworks.
• Develop, monitor and proactively share KPIs to measure effectiveness of controls.
• Lead on internal and external resilience and security audit activities.
• Assess the level of assurance provided by security mechanisms, suppliers, systems, or products.
• Communicate good practice, security policies, standards, legal and regulatory requirements to the wider business.

ESSENTIAL EXPERIENCE AND SKILLS

Professional & Technical Skills:

You have broad foundation based on practical hand-on experience managing IT or security controls, as well as leading and developing security teams. An influencer that can secure buy-in from stakeholders across and out with the organisation, and influence change in areas without direct authority.

• Senior management and leadership experience in cybersecurity role.
• Highly experienced in the application of IT resilience, IT governance and information security standards and frameworks.
• Ability to build and maintain relationships cross-functionally and with internal and external stakeholders.
• Skilled in determining, establishing, and maintaining appropriate strategies, policies, standards, and procedures for protecting information security assets.
• Extensive knowledge of technology including networking, hosting, application development, identity and access management, and encryption.
• Experience of managing information security incidents at all levels (24/7 SOC and skilled senior staff will be reporting to the role holder – the role holder needs to be capable of managing stakeholders during critical incidents)
• Capable of influencing change in areas of business outside of direct authority.
• Knowledge of legal and regulatory requirements that could affect security requirements within the television and media sector.
• Familiarity with cloud security principles, including knowledge of Microsoft Azure, AWS and GCP services and security products.
• Strong knowledge of information security frameworks, standards, and legislation (ISO 27001, NIST, GDPR).
• Experience developing risk assessments and risk mitigation strategies and action plans.
• Skilled in producing documents or reports, including internal audits, assessments, or gap analysis.
• With strong stakeholder management skills.

Job Title: Head of IT Resilience, Information Security and GRC
Reports to: Technology Director
Department: Technology
Location: London or Leeds

DEPARTMENT DESCRIPTION

The Technology department is led by the Technology Director who reports to the Chief Operating Officer; The Technology Department is charged with:

• Development, communication and execution of the company’s Technology Strategy, Governance processes, Architectural guidelines, and Risk management
• Change delivery for Platforms, Systems and Processes, supporting our business verticals
• Provision of secure, efficient and high-quality IT and Broadcast services

Driven by the Channel’s Future4 strategy, our business in the midst of an accelerated digital transformation. To deliver this future, Channel 4 are refreshing the operating model of the technology team. The operating model is aligned with the four key areas of Channel 4’s business, Content; Marketing and Viewer Experience (incl. All 4); Commercial; and Operations (incl. ERP), each having a technology leader embedded alongside the business leader.

These business orientated units will be supported by a strong central function that provides leadership and services through Governance Risk & Compliance, Service Management, and Strategy, Architecture & Data.

JOB PURPOSE

This exciting role will be on forefront of shaping the security architecture and protection of Channel 4’s data and IT platforms. The role has direct impact on the streaming experience of millions of viewers. The Head of IT resilience, Information Security and GRC role will focus on developing and driving Channel 4’s information and data security strategy and programme.

You will be responsible for providing leadership and management of the Channel 4 security and resilience function. The function is responsible for:

• Security Operations
• Security Awareness
• Security Architecture and Engineering
• IT Governance, Risk and Compliance
• IT Resilience

A successful candidate will be expected to lead by example to mature the security function and deliver a successful programme of improvements to Channel 4’s security posture, through influencing business and technology change, and through direct actions of the team they will manage.

The role will be ideal for an experienced security leader with good technical knowledge/experience and the ability to influence stakeholders across the organisation to win support for security and resilience initiatives.

KEY RESPONSIBILITIES

• Track and work to improve Channel 4 security posture proactively considering changing threat landscape.
• Advise Channel 4 senior leadership and other relevant stakeholders to enable effective decision making on information security matters.
• Keep stakeholders informed and motivated to support security initiatives.
• Provide leadership and senior voice on all matters relating to IT resilience and information security.
• Update and deliver the Channel 4 resilience and information security strategy aligned with wider business goals.
• Plan and manage the security budget together with the Technology function and the wider business.
• Lead work to simplify, mature and maintain organisational security policies, standards, and processes and procedures.
• Mature GRC practices of the Technology function.
• Be accountable for incident response and disaster recovery efforts in the event of security compromise or incidents.
• Deliver cost effective solutions to protect Channel 4’s information assets.
• Ensure effective security monitoring is in place.
• Produce and maintain the information security governance and risk frameworks.
• Develop, monitor and proactively share KPIs to measure effectiveness of controls.
• Lead on internal and external resilience and security audit activities.
• Assess the level of assurance provided by security mechanisms, suppliers, systems, or products.
• Communicate good practice, security policies, standards, legal and regulatory requirements to the wider business.

ESSENTIAL EXPERIENCE AND SKILLS

Professional & Technical Skills:

You have broad foundation based on practical hand-on experience managing IT or security controls, as well as leading and developing security teams. An influencer that can secure buy-in from stakeholders across and out with the organisation, and influence change in areas without direct authority.

• Senior management and leadership experience in cybersecurity role.
• Highly experienced in the application of IT resilience, IT governance and information security standards and frameworks.
• Ability to build and maintain relationships cross-functionally and with internal and external stakeholders.
• Skilled in determining, establishing, and maintaining appropriate strategies, policies, standards, and procedures for protecting information security assets.
• Extensive knowledge of technology including networking, hosting, application development, identity and access management, and encryption.
• Experience of managing information security incidents at all levels (24/7 SOC and skilled senior staff will be reporting to the role holder – the role holder needs to be capable of managing stakeholders during critical incidents)
• Capable of influencing change in areas of business outside of direct authority.
• Knowledge of legal and regulatory requirements that could affect security requirements within the television and media sector.
• Familiarity with cloud security principles, including knowledge of Microsoft Azure, AWS and GCP services and security products.
• Strong knowledge of information security frameworks, standards, and legislation (ISO 27001, NIST, GDPR).
• Experience developing risk assessments and risk mitigation strategies and action plans.
• Skilled in producing documents or reports, including internal audits, assessments, or gap analysis.
• With strong stakeholder management skills.

Hybrid Working:

From September 2023, C4 has operated a 60/40 working pattern, equating to three office days per week. 
Having everyone in the office three days a week gives us more opportunity to build our high performing, inclusive culture; to collaborate and to learn and share with each other, as well as helping to coordinate a regular pattern of home and office working days.
Employees then have the flexibility to decide where they spend the rest of the working week. 
All our offices are open five days a week.

Salary Competitive

Application questions to complete

To complete your application please provide a response to the below application questions, you can upload your response to the application questions as an attachment when submitting your application. This can be attached to your application as a PDF or Word document.

• Please outline how you meet the ‘Essential Experience & Skills’ outlined in the Job Description (Max 500 words)

Benefits There are a million reasons why it’s great to work at Channel 4, here are just a few of the perks for you;
• 26 days annual leave (including a day off for your birthday)
• Company funded Private Medical Insurance
• A generous Group Personal Pension
• Access to our flexible benefits scheme including dental, travel insurance, health screenings and more

Applications Close Date

Equal Opportunities Channel 4’s purpose is to create change through entertainment; by representing unheard voices, challenging with purpose and delivering content which reflects the diversity of different communities across the UK.

We are only able to deliver on this remit by having a workforce rich in diversity of thought, background and lived experience. As an employer we encourage applications from candidates from all backgrounds and do not discriminate based on disability, age, gender reassignment, gender expression, criminal history, length of time spent unemployed, marriage or civil partnership status, national origin, pregnancy and maternity status, race, religion or belief, sex, and sexual orientation.

Disability Confident Scheme:
Channel 4 is a member of the Business Disability Forum (BDF) and has also maintained the highest level of the Department of Work and Pension's Disability Confident scheme - Level 3: Leader. Under the Disability Confident Scheme, we aim to offer an interview to all candidates who have a neurodiverse condition, impairment or long-term condition and who meet the essential criteria for an advertised job. If you wish your application to be considered under the Disability Confident Scheme, please select yes when completing the application questions. For more information, please visit the Disability Confident Campaign website.

Care Leaver Friendly Employer:
Channel 4 is a Care Leaver Friendly Employer. By signing the Care Leaver Friendly Employer Charter and adopting its principles, we are supporting an immensely talented yet often under-served and under-represented community of young people/ adults. We commit to offering an interview (and constructive feedback) to applicants who identify as care experienced and meet the essential criteria for the role as outlined on the job description. Applicants should indicate if they wish to apply under our Care Leaver Scheme by selecting the option on the application form.

Workplace Adjustments:
We are committed to providing disabled applicants a level playing field when applying for a job and support whilst employed to perform to the best of their ability and develop their careers. If you have a neurodiverse condition, impairment or long-term condition and require any adjustments, additional support or alternative arrangements during the recruitment and wish to discuss this confidentially, please let us know via the following e-mail #J-18808-Ljbffr

---