Banner Information Security Officer

Permanent contract
Longpont-sur-Orge
Salary: Not specified
Kingfisher

The position

Job description

Overview

We’re Kingfisher, a team made up of over 74,000 passionate people who bring Kingfisher - and all our other brands: B&Q, Screwfix, Brico Depot, Castorama and Koctas - to life. That’s right, we’re big, but we have ambitions to become even bigger and even better. We want to become the leading home improvement company and grow the largest community of home improvers in the world. And that’s where you come in.

At Kingfisher our customers come from all walks of life, and so do we. We want to ensure that all colleagues, future colleagues, and applicants to Kingfisher are treated equally regardless of age, gender, marital or civil partnership status, colour, ethnic or national origin, culture, religious belief, philosophical belief, political opinion, disability, gender identity, gender expression or sexual orientation.

Join us as a Banner Information Security Officer in our office of Longpont-sur-Orge (91).

The Business Information Security Officer is a senior cybersecurity leader who is the primary point of contact and who acts as a bridge between the IT Security Team and the business function for their assigned Banner/Group Functions. The role ensures that Kingfisher Group strategies align with business goals and operations.

What’s the job?

  • Act as the primary liaison between the wider Security Function and the Banner, ensuring a balance between business operations and security
  • Develop and maintain strong relationships with key Banner stakeholders to enable the delivery of security to the business, acting as the Information Security SME and a trusted advisor.
  • Own and maintain the Cyber risk register for the Banner(s) or Group Functions areas with regular reviews and reporting
  • Support the Banner in risk decision making and prioritisation of activities
  • Ensure all projects/solutions are delivered ‘Secure by Design’, raising risks where appropriate to manage and track progress of controls weaknesses
  • Lead the response between Group Technology and the Banner for security incidents and breaches and be part of the Cyber Security Incident Response Team (CSIRT) when appropriate.
  • Educate stakeholders on cybersecurity-related matters to drive, increase and promote a culture of security within the Banner and conduct awareness sessions and presentations for Banner colleagues
  • Ensure identified supplier risks are managed by the appropriate owner and are recorded and tracked.
  • Provide detailed, accurate and timely reports to support the findings of all assurance activities, including metrics and the status of ongoing initiatives to senior management (e.g. Phishing simulations, Threat Intelligence, Security, Risks etc.)
  • Align the Cyber Security strategy, Frameworks, Policies and standards with business goals by understanding and feeding back into Information Security and GRC.
  • Lead or conduct reviews of Banner systems, applications, platforms and processes against Group Frameworks, Policies & Standards to identify, document and report controls weaknesses and track risks
  • Escalate and report to key Banner stakeholders where vulnerability remediation activities are not being progressed or are overdue against Group Framework guidance
  • Participate in Banner planning and roadmap sessions to ensure security is integrated into Banner planning from the start

What you’ll bring

  • 5+ years proven professional experience in Information Security or closely related field
  • Proven experience in leadership or managerial roles within IT or Cyber Security teams
  • Breadth and depth of knowledge of common standards such as ISO 27001, NIST, OWASP, PCI, NIS2 etc.
  • An ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily understood, authoritative, and actionable manner
  • Strong understanding of the business relevance of information security risks and the current trends and developments in information security
  • Excellent written and verbal communication skills
  • A demonstrated ability to use positive influencing skills effectively to modify others’ opinions, plans, or behaviours
  • Robust decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one
  • Strong organization, prioritization, and rationalization skills
  • Has the accessibility and ability to interface with, and gain the respect of, stakeholders at all levels and roles in the company
  • Is a confident, energetic self-starter, with strong interpersonal skills
  • Has good judgment, a sense of urgency and has demonstrated commitment to high standards of ethics, regulatory compliance, customer service and business integrity
  • Strong team values, recognises the value of a positive team environment and contributes to the creation of this.
