Digital Safety Business Partner
Date posted: Thursday, 3 June, 2021
Company: easyJet
Closing date: Wednesday, 30 June, 2021
Luton

Job Purpose

The digital safety advisor’s role is to help guide business projects, programmes and continuous improvement initiatives in relation to digital safety to ensure that risk is understood and managed.

  • Partner with key business areas and help the easyJet business area make appropriate risk-based decisions in relation to digital safety while cognisant of the business benefit achieved by the initiative.

  • Provide technical advice in relation to digital safety and associated regulation, identifying the risk profile of the activity and the mandatory control framework for the activity, and identifying how the initiative could affect the main events.

  • Provide formal recommendations to the business areas to allow them to make decisions based on cyber risks.

  • Identify when other teams need to be engaged, particularly Enterprise Architecture, third party assurance, DPO and commercial legal, and assist the business area with engagement to enable successful delivery.

  • Present and explain assessment of cyber risk and the formal recommendations to other governance bodies alongside the business area.

  • Be a technical lead within the group digital safety team. Provide technical and risk advice, development and mentoring to other team members. Bring advanced skills to other digital safety areas as needed.

  • Contribute to the development of digital safety policies and standards.

  • Educate stakeholders on good digital safety practices and principles through the partnership with key business areas.

Job Accountabilities

  • Ensuring that the team is engaged with all projects by building appropriate partnerships across easyJet.

  • Identify digital safety-related risks within initiatives, ensure that the business understands these risks and make formal, graded recommendations to manage risk.

  • Identify appropriate internal and external standards, explain how these standards affect the business and ensure that non-adherence to standards is managed via formal processes.

  • Identify where new standards are required and work with the team to draft them.

  • Identify legal-related risks in outline and engage appropriate colleagues in the legal department (DPO, commercial lawyers).

  • Develop a project-centric view of key bow-tie risk models.

  • Develop innovative business or technical solutions to manage risk.

Ideal Qualifications

  • CRISC or similar (e.g. Institute of Risk Management)

  • CISSP or similar

  • Digital safety MSc

Desirable Skills/Experience

  • This role operates at SFIA levels 5 (senior) and 4.

  • Previous work as a consultant across multiple organisations or lines of business

  • At least 6 years’ experience in digital safety in a role that has required strong social and technical skills working with multiple programs and partners at once.

  • Candidates must have the essential skills identified.

  • Strong candidates will demonstrate the desirable skills.

Level of Responsibility Required

  • Autonomy - Works under broad direction. Work is often self-initiated. Is fully responsible for meeting allocated technical and/or project/supervisory objectives. Establishes milestones and has a significant role in the assignment of tasks and/or responsibilities.

  • Influence - Influences organisation, customers, suppliers, partners and peers on the contribution of own specialism. Builds appropriate and effective business relationships. Makes decisions which impact the success of assigned work, i.e. results, deadlines and budget. Has significant influence over the allocation and management of resources appropriate to given assignments. Leads on user/customer collaboration throughout all stages of work. Ensures users’ needs are met consistently through each work stage.

  • Complexity - Performs an extensive range and variety of complex technical and/or professional work activities. Undertakes work which requires the application of fundamental principles in a wide and often unpredictable range of contexts. Understands the relationship between own specialism and wider customer/organisational requirements.

  • Knowledge - Is fully familiar with recognised industry bodies of knowledge both generic and specific. Actively seeks out new knowledge for own personal development and the mentoring or coaching of others. Develops a wider breadth of knowledge across the industry or business. Applies knowledge to help to define the standards which others will apply.
 

Business skills

  • Demonstrates leadership. Communicates effectively, both formally and informally.

  • Facilitates collaboration between stakeholders who have diverse objectives.

  • Analyses, designs, plans, executes and evaluates work to time, cost and quality targets. Analyses requirements and advises on scope and options for continuous operational improvement. Takes all requirements into account when making proposals. Demonstrates creativity, innovation and ethical thinking in applying solutions for the benefit of the customer/stakeholder.

  • Advises on the available standards, methods, tools and applications relevant to own specialism and can make appropriate choices from alternatives.

  • Maintains an awareness of developments in the industry. Takes initiative to keep skills up to date. Mentors colleagues.

  • Assesses and evaluates risk.

  • Proactively ensures security is appropriately addressed within their area by self and others. Engages or works with security specialists as necessary. Contributes to the security culture of the organisation.

Information Security Skills Required (based on IISP skills framework 2v3)

| Skills Group | Essential Skill level | Desirable Skill level |
|---|---|---|
| A1 – Governance | 3 | |
| A2 – Policy and Standards | 3 | 5 |
| A3 – Information Security Strategy | 3 | |
| A4 – Innovation and Business Improvement | 4 | 5 |
| A5 – Behavioural Change | 2 | |
| A6 – Legal & Regulatory Environment and Compliance | 3 | 4 |
| A7 – Third Party Management | 4 | |
| B1 – Threat Intelligence, Assessment and Threat Modelling | 1 | |
| B2 – Risk Assessment | 5 | |
| B3 – Information Risk Management | 5 | |
| C1 – Enterprise Security Architecture | 3 | |
| C2 – Technical Security Architecture | 5 | |
| C3 – Secure Development | 2 | |
| D1 – Internal and Statutory Audit | 1 | |
| D2 – Compliance Monitoring and Controls Testing | 2 | |
| D3 – Security Evaluation and Functionality Testing | 2 | |
| D4 – Penetration Testing and conducting Simulated Attack Exercises | 2 | |
| E1 – Secure Operations Management | 2 | |
| E2 – Secure Operations and Service Delivery | 2 | |
| F1 – Intrusion Detection and Analysis | 2 | |
| F2 – Incident Management, Incident Investigation and Response | 2 | 3 |
| F3 – Forensics | 2 | |
| H1 – Business Continuity and Disaster Recovery Planning | 2 | 3 |
| H2 – Business Continuity and Disaster Recovery Management | 2 | |
| H3 – Cyber Resilience | 2 | |
| I1 – Research | 1 | |
| I2 – Applied Research | 1 | |
| J1 – Management, Leadership and Influence | 3 | 5 |
| J2 – Business Skills | 5 | |
| J3 – Communication and Knowledge Sharing | 4 | 5 |
| K1 – Contributions to the Community | 1 | 1 |
| K2 – Contributions to the IS Profession | 3 | 4 |
| K3 – Professional Development | 3 | 4 |

LOCATION & HOURS OF WORK
This full-time role will be based in Luton, and will be 40 hours per week.
