Reed Exhibitions ("RX") is a leading global events business. It combines face-to-face with data and digital tools to help customers learn about markets, source products and complete transactions at over 500 events in almost 30 countries across 43 industry sectors, attracting more than 7 million participants. Our events, organised by 35 global offices, leverage industry expertise, large data sets and technology to enable our customers to generate billions of dollars of revenues for the economic development of local markets and national economies around the world. Reed Exhibitions is part of RELX, a global provider of information and analytics for professional and business customers across industries. www.reedexhibitions.com
RELX is a global provider of information-based analytics and decision tools for professional and business customers. RELX serves customers in more than 180 countries and has offices in about 40 countries. It employs over 33,000 people, of whom almost half are in North America.
We are seeking a Regional Cybersecurity Manager to be based in our Richmond, UK office. You will be working within a small but geographically dispersed Information Security team, initially focusing on risk assessments and on the improvement and automation of existing working practices and toolsets.
Job Purpose: To provide specialist security advice to business units and ensure compliance with the RELX System information security policies, practices, and related industry best practices. Responsibilities include executing information security-related projects and operational tasks, as well as providing information security policy and practice expertise to IT and business customers.
- Contributing to Information Security strategy
- Provide consultation on designs and drive secure by design as a fundamental aspect of solution design
- Act as reviewer and approver for continuous internal and 3rd party security assessments
- Works with internal and external stakeholders across RX to improve processes, mitigate risks, and remediate vulnerabilities.
- Support the implementation of NIST CSF controls and Data Protection Principles.
- Track security status with RX’s information security policies, practices, and standards, through continuous monitoring and consulting.
- Reviewing threat intelligence sources and performing threat hunting using existing / new internal tools
- Acting as an SME for security related topics and issues for internal stakeholders
- Helping manage security incidents and providing a response to identify, contain and resolve them
- Production of self-help guidance to allow technologists to make informed secure decisions
- Supporting all areas of the risk, security, and compliance portfolio, including security awareness, PCI compliance, conducting security research, compiling compliance reports, communicating with stakeholders, and collaborating with the IT operations teams.
- Provides consulting services to business asset owners on information security topics as directed and with support from more senior team members
- Provide effective education and awareness training to promote the secure use of Information Technology capabilities.
- A flexible outlook may be required when dealing with Investigations or Incidents out of hours.
- Mentoring and acting as a role model for more junior members of the team
The above is intended to describe the general content of and requirement for the performance of this job. It is not to be construed as an exhaustive statement of duties, responsibilities, or requirements.
- Create presentations / solution briefs and articulate proposals to executives, key stakeholders, and technical colleagues.
- Effective collaboration with other teams to guide and influence team members and business colleagues
- Support the design, maintenance and enhancement of support procedures and operating policies where relevant
- Any other BAU duties that the company could reasonably expect to be completed in the scope of IT operations
- Producing and publishing relevant policies and procedures plus security awareness materials
- Independent review and testing of IT key controls within the Sarbanes Oxley framework
- University Information Security degree or equivalent.
- Fluency in English is required; fluency in German, French, Portuguese, Spanish, Chinese or Japanese will be highly desirable.
Technical Skills and Attributes:
- 7+ years of IT security experience working in a medium to large organisation
- Industry certification such as CISSP, OSCP, CSSLP, CISA, SCNP, CCNA Security, and/or CEH
- NIST CSF, PCI-DSS, ISO27001, access controls, web application security, data classification and handling, 3rd party security, and cryptographic techniques
- Experienced in Information Security domains including Security Architecture, Policy Management, Regulatory Compliance, Security Operations, and Incident Management
- Understanding of how security controls impact Infrastructure Operations and Development functions
- Ideally hands-on experience performing and interpreting application and infrastructure security testing
Essential skills and experience
- Experience with the Mitre ATT&CK Framework
- An in-depth understanding of network, systems, and application security
- Analytical/inquisitive nature and intuition regarding what questions to ask, when, and their relative significance
- Experience implementing industry best practice security standards in large organisations
- Detailed knowledge across a broad range of security domains
- Ability to identify emerging security threats
- Solid project and time management skills
- Strong written and verbal communication skills
- Experience within DevSecOps
- Experience in CI/CD
- Experience with different hosting technologies (Adobe AEM/AWS/Azure/On-premise)
- Understanding of Windows and Linux infrastructure
Knowledge of some of the following is useful:
- Static Application Security Testing (SAST) tools (e.g. SonarQube, Codacy, AppScan)
- Dynamic Application Security Testing (DAST) tools (e.g. Acunetix, Detectify, Checkmarx)