Head of Cyber Security

With nearly a million new ads on the site each week and a whopping 14 million unique visitors every month, Gumtree prides itself on being the go-to place for everything from smartphones to cars and jobs to flats.

As a company we are on a mission to make buying and selling second hand safer, simpler and more enjoyable for everyone, because we believe everything can find a new purpose (and that’s good for you and good for the planet).

**About the role**:
**Our company is committed to providing valued and exceptional services to our customers. As part of this commitment, it's essential that these services are secure.**

We are looking for a Head of Cyber Security/ InfoSec to join us at an exciting time to establish the next level of cyber and information security capabilities for our customers and employees. As part of new company ownership, you will have the full support of the company to build these new capabilities. Key to making this happen will be your skills, expertise and experience.

To be successful in this role you will also need to identify any potential compliance gaps, ensuring all identified issues are assessed, tracked and mitigated, whilst also supporting the businesses in managing any security incident or data breach.

You proactively manage Information Security, Data Protection and Risk, which includes assessing, onboarding and maintaining industry standard frameworks. You’re also on top of the industry's latest threats and work with Product and Technology teams to ensure incidents are prevented.

**Main responsibilities**:

- Liaise with Legal to manage and assess risk for the organisation
- Implement and improve required security policies, guidance, plans and procedures
- Facilitate and perform internal compliance auditing programs
- Facilitate and manage ongoing training for the organisation on security and GDPR compliance
- Provide reporting and dashboarding on the status as well as improvement plans of the security posture of the company to senior leadership teams
- Create and maintain required roles and RASCI documents which clarifies the ownership and responsibilities of handling security processes across the company
- Owns business continuity and disaster recovery plans and their scheduled testing
- Providing direction and guidance on Information Security matters to the division, working closely with peers to ensure that security is built into everything we do
- Work closely with peers to establish and manage a secure product lifecycle program

**What we want**:
We are looking for an experienced Cybersecurity / InfoSec Leader with;
- Deep experience in working with information assets
- Solid knowledge of data governance and understanding of compliance structures
- Ability to assign business value to security efforts
- Leadership qualities with a calm demeanour, especially under pressure
- Must have extensive experience introducing, maintaining security standards and frameworks (e.g. ISO 27001, NIST, OWASP)
- Must have experience in leading Security Incident Response program
- Must have In-depth knowledge and experience with security compliance frameworks such as SOX, PCI and GDPR
- Must have in depth knowledge of data protections regulations and best practice
- Must have experience building relationships across the business to get adoption on Information Security practices
- Essential experience in a highly technical environment
- Proven track record of ownership and driving deliverables through to completion
- Ability to work in a fast-paced environment while maintaining attention to detail

**Perks**:
Benefits are an essential part of your total compensation for the work you do every day. Whether you’re single, in a growing family, or nearing retirement, we offer a variety of comprehensive and competitive benefit programs to meet your needs.

That's why we're pleased to offer all employees full access to our comprehensive benefits package. This includes:

- 25 days holiday per year increasing with length of service. ️
- Company bonus scheme.
- Private health insurance.
- Private dental insurance.
- Income protection policy.
- Conference & education budget.
- Remote / Hybrid / Office based working available