Information Security Programme Lead

2 weeks ago


Buckinghamshire, United Kingdom Information Security Solutions Full time

Location: Hybrid, 2 days in Buckinghamshire office

Reports to CISO

**Salary**: £800/day

**The Role**

We have a multi-year Information Security improvement programme which covers a wide range of improvement areas - culture change, information governance, supply chain security, IT security solutions and operational technology security solutions.

The programme has been broken down into distinct workstreams with approximately 15 active projects. In order to manage workload and resourcing across the department, all projects are co-ordinated through a single PMO. The projects are generated from the following sources:

- Information governance projects e.g. DSAR lessons learned initiatives, improved ECI management
- Business initiated projects requiring InfoSec support
- InfoSec input into IT projects
- BAU activities which are managed as projects to ensure they are delivered with the rigour and regulatory compliance required e.g. annual regulator pen test
- Additional urgent projects to fix security services and solutions

This Programme Lead role oversees and manages the delivery of this complete programme of projects, running the PMO and the associated governance and procedures, and tracking delivery through rigorous PMO discipline. This is a hands-on role involved in the initiation and scoping of each project (to ensure the projects are set up and resourced for successful delivery) and in progressing projects through the early approval stages. The Programme Lead is also the secretariat for the Information Security Steering Group - the senior board responsible for the oversight of the Information Security Improvement programme.

Reporting to the CISO, the Programme Lead will be a member of the InfoSec Leadership Team. The role has line responsibility for 3 current Project Leads + 1 Business Analyst, though this could flex upwards/downwards depending on the number of projects in flight.

**Main Responsibilities**
- Responsible for the complete information security programme - ensure that it delivers the strategy to time, cost and quality.
- Responsible for the delivery of the information security elements of business and IT projects.
- Establish and manage the InfoSec programme pipeline ensuring alignment with the business and IT to deliver strategic initiatives.
- Working with the CISO, workstream leads and delivery managers, plan the programme on an annual basis and baseline the projects which are to be delivered.
- Work closely with project sponsors and assigned delivery managers to plan and develop scope, deliverables, required resources, work plan, budget, and timings for new initiatives.
- Work with delivery managers to identify and manage project risks, issues, assumptions and dependencies, so that programme-level risks, issues, assumptions and dependencies can be identified and actively managed.
- Manage programme budget and financial planning cycles.
- Ensure that projects are meeting required quality and governance standards.
- Lead delivery managers, acting as an escalation point when required.
- Engage and manage senior stakeholders to achieve buy-in and support for the information security programme.
- Manage and run the InfoSec PMO to ensure that projects are tracked and adhere to established change control procedures.
- Provide a common framework of good-practice standards, tools, templates and processes for running and governing the portfolio of projects.
- Continuously mature information security project processes, governance and controls to gradually remove the need for ‘human controls’.
- Deliver projects in the programme per established processes as required.
- Support and participate in information governance projects as required.
- Support the CISO to run the Information Security Steering Group (ISSG).
- Report programme progress to CISO and ISSG based on the tracking of project deliverables.

Job requirements

Vocational Qualifications:

- Preferably a relevant degree or security qualification
- Proven experience as a Programme Lead
- Relevant experience of working on cyber change projects with the ability to bring the project rigour and discipline
- Relevant professional qualifications an advantage, e.g. PMI - PMP, Prince2, MSP, ITIL

Behavioural competencies:

- Outstanding leadership and organizational skills
- Excellent communication skills
- Outcome focused delivery
- Data driven, always striving for transparency
- Excellent stakeholder relationship skills
- Excellent problem-solving ability
- A ‘can-do’ attitude

Experience required:

- Thorough understanding of project/programme management techniques and methods
- Excellent knowledge of business change management principles
- Experience of working in a global organisation delivering projects through a matrix relationship
- Proven ability to deliver projects to time, cost and quality


