Information Security Manager
The Football Association [The FA] is the not-for-profit governing body of football in England. It is responsible for promoting and developing every level of the game, from grassroots through to the professional game, and generates significant revenue to support investment into English football each year.
The FA oversees England international teams across men's, women's, youth and disability football, as well as running the National League System and FA Competitions including the Emirates FA Cup, Barclays FA Women's Super League, FA Women's Championship, and Vitality Women's FA Cup, and the world-class facilities of Wembley Stadium and St. George's Park, all with a purpose to Unite the Game and Inspire the Nation.
HAVE THE DIGITAL WORLD AT YOUR FEET
Technology is key to the FA's transformation. From supporting grassroots via our day-to-day digital presence, to using data-led insights to drive the game, to developing future-focused platforms for professional football, our Digital Technology team is central to our future.
Whilst investment in technology to make the experience of all participants relevant and easy is already at the heart of how we can serve the game, we are looking to invest even further and deliver in a more iterative way, forming product lines and fully moving towards an Agile, Product Management framework.
By 2024, we will upgrade and simplify our core football administration system (moving from Whole Game System to Platform for Football) and provide enhanced capability to England teams.
Our product lines cover all those that RUN, PLAY, LEARN as well as our responsibility to REGULATE, WIN and leverage DATA whilst also ensuring sufficient focus on the CORE BUSINESS online and PLATFORMS that support each product and service across the organisation.
Join us in helping to DECIDE THE GAME and HAVE THE DIGITAL WORLD AT YOUR FEET.
The Role and Key Accountabilities
Provide the focal point for all InfoSec elements, both with FA technology partners and internally to FA and County FA stakeholders.
- Collaborate with the CISO service and the Head of Service Delivery to build an effective Info Sec roadmap that will increase the maturity of the FA's cyber security posture, through budget definition and implementation of fit-for-purpose Policies, Standards, Processes, and tools.
- Assist in defining the vision and setting the strategy for IT Risk and Cyber Security at The FA, that proactively keeps our customers and our staff safe.
- Assist in delivering security behavioural change whilst communicating cyber security objectives across the organisation.
- Work with the technical design authority with responsibility for all Info Sec aspects across the FA project portfolio:
  - Design and build all Info Sec projects that deliver processes or toolsets specific to the Info Sec roadmap
  - Ensure that all projects have defined security standards and are implemented as expected
  - Ensure that all software lifecycle management includes secure coding standards, security validation and testing
  - Validate that any third parties providing solutions or services to the FA meet a minimum set of defined security requirements
- Ensure the effective governance for InfoSec activities across the FA, aligning all IT partners in the delivery of security controls.
- Maintain all FA information security policies and standards, including regular reviews and updates
- Manage an assurance framework to monitor compliance against FA information security policies and standards across the internal FA user base and managed service providers
- Manage the operational effectiveness of any Info Sec service delivered via IT managed service providers
- Ensure effective and best practice use of identity and access management and privileged access management tools
- Manage plans for all BCP and DR with all FA and IT partner teams
- Act as a security incident responder, assisting in the management and co-ordination of activities for any Info Sec incident, ensuring analysis and effective actions are taken.
- Manage the planning and delivery of security testing activities, including the co-ordination of remediation tasks for vulnerability findings within the FA networks, applications, and any other related products.
- Work with IT partners to provide an effective training and awareness program to all FA users
- Ensure regular and documented meetings are held with the delivery partner to measure delivery performance and implement corrective actions where required
- Attend the Change Advisory Board, and Architecture Review Board, to ensure all Info Sec requirements have been considered and are provided in any existing or new solutions
- Execute additional tasks as required in order to meet FA Group changing priorities.
- Comply with all company policies and procedures to ensure the highest standards of health, safety and wellbeing can be maintained.
What we are looking for
- Experience in Information Security operations
- A thorough understanding of best practice within Information Security and risk management.
- Experience with managing third party service providers and business stakeholders
- Experience of managing information security incidents
- In depth knowledge of Info Sec marketplace and solutions
- Good project and change management skills
- Excellent knowledge and experience of using MS Office applications to fulfil reporting and analysis tasks
- Good technology experience and strong Info Sec technical background in both traditional and cloud (Azure preference) environments
- Experience with quality improvement processes to drive efficiency
- Effective presentation skills (written and verbal)
The ideal candidate must hold at least one of the following qualifications:
- CISM / CISMP / CISSP / ISO 27001 Lead Implementer / ISO 27001 Lead Auditor
- Technology experience within Football or other sporting associations or a working knowledge of sports administration systems
- Experience working in a matrix structure/multiple client groups
What we can offer you
- An exciting and challenging role within a changing, dynamic and world-renowned sports organisation.
- Attractive benefits and a competitive salary.
Please be aware that unless you are on a homebased contract, your contract with The FA will specify a fixed location of either Wembley Stadium, St. George's Park or our Processing Centre.
We currently work within a hybrid working model whereby the expectation is to work from your contractual location for part of the week, and as and when required by the team. The remaining days can be worked remotely. We will continue to monitor this model and it may be adjusted in future if deemed necessary.
The Football Association Group promotes inclusion and diversity, and welcomes applications from everyone. If you have any particular requirements in respect of the recruitment or interview process, please mention this in your application.