Head of IT Security

Job Purpose and Background

With the successful launch of CDP's new digital disclosure platform and the expansion of our technological capabilities, ensuring we have robust and dependable security infrastructure and practices that protect the data of our disclosers, and wider ecosystem, is essential to CDP's long-term future.

We are now embarking on an effort to build a new in-house Cybersecurity team, beginning with the Head of Infrastructure & Security who will be responsible for leading the team, including developing and delivering a global security roadmap, encompassing infrastructure, tooling, policies, procedures, certifications, and training. This is an exciting greenfield opportunity to build and shape a new Security function, leveraging the latest Azure technologies, with a vision of attaining ISO27001 certification in the near-future.

About CDP

CDP is a not-for-profit charity that runs the global disclosure system for investors, companies, cities, states and regions to manage their environmental impacts. The world's economy looks to CDP as the gold standard of environmental reporting with the richest and most comprehensive dataset on corporate and city action. In 2021 we launched our new five-year strategy: Accelerating the Rate of Change - find out more here . Visit or follow to find out more.

Key responsibilities include:

Leadership responsibilities:

• Create and oversee the organization's overall cyber security strategy and positioning, as well as partnering with other senior stakeholders to contribute to the wider IT strategic planning.
• Lead, develop and enable the Cyber Security team.
• Design and implement awareness training and other approaches to ensure security is understood and embedded across the business at all levels.

Technical responsibilities:

• Deliver security projects and initiatives through both strategic guidance and hands-on implementation.
• Collaborate with software development teams to embed security best practices.
• Implement and manage Azure and M365 security resources (Azure Firewall, NSG, Web Application Firewall, Front Door, EntraID, B2C, MFA).
• Design and build cloud-based infrastructure with a strong focus on cyber security optimization.
• Develop and maintain comprehensive security policies and standards.
• Maintain our CyberEssentials certification and drive our security maturity towards future ISO27001 certification.
• Manage our 3rd Party due-diligence process, assessing vendors and responding to customer security questionnaires.
• Maintain robust role-based access control, ensuring all personnel have IT access limited to their need and role within the organisation.
• Monitor and guide the IT Operations team to cultivate a sense of security awareness, including continuous education and improvement.
• Manage the end-to-end penetration testing and remediation activities across CDP.

Tech-stack: Azure Sentinel, Azure Log Analytics, Azure Defender and Azure Defender For Cloud, AppCheck, Azure Security, Microsoft Intune, Forcepoint, Cisco Meraki.

You will bring the following:

• Demonstrates competence and enthusiasm leading and managing a cybersecurity team, as well as strong technical expertise.
• Excellent interpersonal and client-handling skills, with the ability to manage expectations and simplify detail to key principles and decisions.
• Excellent written, verbal and presentation skills in English to properly articulate complicated security requirements to management, key partners and other stakeholders.
• A positive approach with a high level of self-motivation and drive, committed to achieving high standards, even with challenging deadlines.
• Previous experience developing cybersecurity roadmaps and strategies, defining requirements, with consideration of leveraging cloud as a delivery platform.
• Extensive exposure and working experience applying cyber security practices to cloud technologies (Azure advantageous).
• Deep understanding of application security and collaboration with development teams.
• In-depth knowledge of Information Security standards (including but not limited to Cyber Essentials, Cyber Essentials Plus, ISO27001).
• Deep understanding of IT Service Management principles (ITIL).
• Excellent knowledge of OWASP.
• Ability to stay ahead of emerging technology trends (ie cloud and SaaS) and industry developments.

Preferable:

• Knowledge of infrastructure monitoring/logging, performance and capacity management, automation, and application toolchain (CI/CD) is an advantage.
• CISSP certified.

Salary and benefits:

• Competitive NGO salary and 8% Company Pension Program.
• 30 days annual holidays (with purchased leave options).
• Flexible working hours (with option to take flex-days).
• Up to 6 months remote work anywhere in the world.
• Paid sabbaticals, enhanced maternity/paternity/adoption leave.
• Office offering prayer room and breastfeeding facilities.

Before you apply:

We'll only use the information you provide to process your application. For more details on how we use your information, see our applicant's privacy notice . By uploading your CV and covering letter, you are permitting CDP to use the information you have provided for recruitment purposes.

How to apply:

Please upload your CV in the application form.