This position has been filled

Information Security Policy Lead Controller

Job Ref: BR54376

  • Salary: From £37113 plus Car Lease Scheme, Paid Overtime, Private Health Care, Dental Scheme, Life Assurance
  • Location: Nissan Sunderland
  • Position: Full Time
  • Hours: 39
  • Date Listed:
  • Closing: 12th October 2017

The Information Security Policy Lead is primarily responsible for creating and maintaining Nissan Regional Information Security policies. These documents govern all of Nissans Europe & AMI’s Information Security activities and form the core of the strategy and tactics to protect Nissans Europe & AMI’s information and information assets from security threats.

Outline & Responsibilities
  • Create Information Security policies and standard design documents aligned to acceptable business risks and operations
  • Review & update existing policies and standard guidance documents ensuring alignment with wider business objectives
  • Co-ordinate with the Risk and Compliance team to support the implementation of and adherence to the relevant legal and regulatory requirements, e.g. Data Protection Act (General Data Protection Regulation).
  • Ensure that policies reflects industry best practice throughout Nissan Europe & AMI, aligning appropriately with the Awareness Co-ordinator to ensure effective education and awareness of the secure use of Information Technology.
  • Managing document lifecycle according to the defined process and with respective governance bodies.
  • Establish communication paths with different Nissans Europe & AMI teams concerning new, revised, and withdrawn policies documents.
  • Conduct analysis of a specific policies and /or processes through interviews, meetings; working with project or operational teams.
  • Supporting Nissans Europe & AMI’s Security / IT and business teams in defining and implementing security controls or solutions in line with required policies and standards.
  • Act as a single point of contact for all type of inquiries on documented policies.
  • Supporting external and internal audits conducted against information security