Information Security Engineer

We’re Always Aiming High, leading the way and having pride in what we do, so we’re looking for an exceptional Information Security Engineer to join us here at Bristol Airport on an 23-month fixed term contract.

As a member of our Information Security Team, you will support the technology team and wider business to maintain our IT security and deliver projects to mature our IT security posture, ensure the protection of our data assets according to industry specific regulations such as CAA CAP1753 and other accreditations including PCI DSS and Cyber Essentials.

We’re looking for a subject matter expert in information security with significant experience of working effectively with partners and suppliers.

Principle Responsibilities

• Act as a technical resource for the Information Security team working closely with the internal IT Operations team and our Service Providers.
• Manage the implementation and delivery of the Airport’s information management system to achieve compliance with CAA regulations for information security.
• Support the Information Security Manager in refining and implementing the organisations Cyber Security Strategy.
• Support IT project team and ensure deliverables for IT projects and the CAP1753 action plan. 
• Create, maintain and regularly review implementation, managing deliverables with cross-functional teams/stakeholder to ensure successful delivery to time, cost and quality.
• Design, deliver and embed artefacts for the Company Information Security Management System (ISMS)
• Implement and coordinate the internal information security audit programme and maintain oversight of remediation activities.
• Develop and deliver metrics and reporting to provide the Board/Executive Team oversight of the delivery of the programme and ‘security posture’ of the airport.
• Support and quality assure the information security risk process e.g. working with colleagues to control risks arising from policies.
• Plan and conduct risk assessments and audits, evaluate security vulnerabilities and take a risk-based approach to any mitigations.
• Provide subject matter expertise to technology and non-technology projects across the business for information security.
• Keep up to date with cyber threat intelligence and suggest ways to protect the organisation against emerging threats and associated risks.
• Apply technical knowledge by working with our internal technology team and partners to ensure that our systems are implemented an maintained according to our security policies and standards. 

Person Specification

Essential

• Degree qualification or equivalent experience.
• Industry recognised information security qualification or equivalent experience.
• Specialist subject matter expertise in information security, including knowledge of best practice standards/frameworks such as NIST, ISO27001 or CAP 1753.
• Ability to understand technical security concepts, evaluate options and make risk-based decisions.
• Knowledge of IT security technologies from Cisco, Microsoft, and similar vendors.
• Significant experience of working effectively with partners and suppliers.
• Ability to achieve results/influence diverse groups, including executives, managers, and subject matter experts.
• Demonstrable breadth and depth of experience and a proven understanding of information security, such as: policies, practices, and technologies.
• Experienced in risk and issue management/frameworks.
• Capability to analyse and interpret data, draft reports/briefings for a range of audiences.
• Excellent IT skills - proficient in the use of a range of technologies in the delivery of information security services and Office365 or similar.
• Previous experience in security architecture or secure system design aligned with an industry standard.

Desirable

• IT Security related accreditation including CISSP or CISM.
• Payment Card Industry Professional (PCIP), or equivalent exposure to and experience of PCI DSS.
• Possesses technical knowledge of IT systems and network security.
• Project management skills including financial/budget management, scheduling, and resource management.
• Experienced in the successful delivery of programmes/projects, through the application of project management methods e.g. Prince2 or Agile
• Knowledge of modern security tools including SIEM products, firewalls and practical security standards including CIS.

Why join us?

We are a modern airport, defined by great people who are skilled, passionate and dedicated to providing great service with a relaxed and friendly style. We are proud to be an equal opportunity employer - our passengers come from all walks of life and so do our colleagues – it is this blend of talents, focus and passion makes us extraordinary.

We offer a competitive rewards and benefits package including:

• 25 days annual leave (increasing to 29 days with length of service)
• Company bonus scheme.
• A free on-site gym, plus private medical insurance with Bupa.
• Group Life Assurance cover and sick pay policy from day one.
• Free on-site staff parking and subsidised public transport.