Banner Information Security Officer

Were Kingfisher A team made up of over 74000 passionate people who bring Kingfisher - and all our other brands: B&Q Screwfix Brico Depot Castorama and Koctas - to life. Thats right were big but we have ambitions to become even bigger and even better. We want to become the leading home improvement company and grow the largest community of home improvers in the world. And thats where you come in.

At Kingfisher our customers come from all walks of life and so do we. We want to ensure that all colleagues future colleagues and applicants to Kingfisher are treated equally regardless of age gender marital or civil partnership status colour ethnic or national origin culture religious belief philosophical belief political opinion disability gender identity gender expression or sexual orientation.

Join us as a Banner Information Security Officer in our office of Longpont-sur-Orge (91).

The Business Information Security Officer is a senior cybersecurity leader who is the primary point of contact and who acts as a bridge between the IT Security Team and the business function for their assigned Banner/Group Functions. The role ensures that Kingfisher Group strategies align with business goals and operations

• Act as the primary liaison between the wider Security Function and the Banner ensuring a balance between business operations and security
• Develop and maintain strong relationships with key Banner stakeholders to enable the delivery of security to the business being the Information Security SME and a trusted advisor.
• Own and maintain the Cyber risk register for the Banner(s) or Group Functions areas with regular reviews and reporting
• Support the Banner in risk decision making and prioritisation of activities
• Ensure all projects/solutions are delivered Secure by Design raising risks where appropriate to manage and track progress of controls weaknesses
• Lead the response between Group Technology and the Banner for security incidents and breaches and be part of the Cyber Security Incident Response Team (CSIRT) when appropriate.
• Educate stakeholders on cybersecurity-related matters to drive increase and promote a culture of security within the Banner and conduct awareness sessions and presentations for Banner colleagues
• Ensure identified supplier risks are managed by the appropriate owner and are recorded and tracked.
• Provide detailed accurate and timely reports to support the findings of all assurance activity activities including metrics and the status of ongoing initiatives to senior management (i.e. Phishing simulations Threat Intelligence Security Risks etc.)
• Align the Cyber Security strategy Frameworks Policies and standards with business goals by understanding and feeding back into Information Security and GRC.
• Lead or conduct reviews of Banner systems applications platforms and processes against Group Frameworks Policies & Standards to identify document and report controls weaknesses and track risks
• Escalate and report to key Banner stakeholders where vulnerability remediation activities are not being progressed or are overdue against Group Framework guidance
• Participate in Banner planning and roadmap sessions to ensure security is integrated into Banner planning from the start

• 5 years proven professional experience in Information Security or closely related field
• Proven experience in leadership or managerial roles within IT or Cyber Security teams
• Breadth and depth of knowledge of common standards such as ISO 27001 NIST OWASP PCI NIS2 etc.
• An ability to communicate complex and technical issues to diverse audiences orally and in writing in an easily understood authoritative and actionable manner
• Strong understanding of the business relevance of information security risks and the current trends and developments in information security
• Excellent written and verbal communication skills
• A demonstrated ability to use positive influencing skills effectively to modify their opinions plans or behaviours
• Robust decision-making capabilities with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one
• Strong organization prioritization and rationalization skills
• Has the accessibility and ability to interface with and gain the respect of stakeholders at all levels and roles in the company
• Is a confident energetic self-starter with strong interpersonal skills
• Has good judgment a sense of urgency and has demonstrated commitment to high standards of ethics regulatory compliance customer service and business integrity
• Strong team values recognises the value of a positive team environment and contributes to the creation of this.