JOB TITLE: Information Security Officer

DEPARTMENT: Technology/IT

REPORTING TO: Technology Strategy Manager

This is a hybrid role, with five days on-site at Stamford Bridge, with 4 work from home days per month.

Closing date: 23rd Jan

We encourage you to apply as soon as possible. In the event that we receive a large number of applications, the position may be filled before the listed closing date. To avoid missing out, please submit your application at your earliest convenience.

JOB FUNCTION:

As the Information Security Officer, you will be responsible for safeguarding the organisation’s Technology/IT infrastructure by identifying vulnerabilities, leading security initiatives, and ensuring compliance with security policies. This role will take a proactive leadership approach in enhancing the security posture of the club, driving key projects, and overseeing risk management. You will act as the primary point of contact for security incidents and lead collaboration efforts across teams to maintain a secure and resilient environment.

KEY RESPONSIBILITIES INCLUDE:

• Lead vulnerability management and incident response across all platforms and systems.
• Oversee and execute security projects, including policy enforcement and new initiatives.
• Collaborate with the Technology and Infrastructure teams to ensure continuous improvement of the club’s security framework.
• Manage relationships with external security partners and ensure timely resolution of any third-party security issues.

MAIN RESPONSIBILITIES:

• Identify and manage vulnerabilities within our current infrastructure.
• Monitor network traffic and logs to ensure compliance with security policies and swiftly address any anomalies.
• Take ownership of risk management and vulnerability assessments, offering strategic recommendations and working with internal teams to implement remediation actions.
• Oversee phishing campaigns, investigate phishing alerts, and ensure continuous improvement of threat detection.
• Collaborate with external security partners to manage risks, vulnerabilities, and incidents, acting as the primary liaison between these partners and the club.
• Perform investigations of security incidents and breaches not covered by external partners, and oversee the club's response to such threats.
• Educate teams across the club on security best practices, and ensure they are equipped with the latest knowledge and tools to handle security incidents.
• Lead on drafting and updating security policies, ensuring compliance with the latest industry standards.
• Manage email security filters and respond to alerts in a timely manner.
• Conduct regular security audits and assessments to ensure continuous improvement in the club’s security posture.
• Assist in security-related legal and data protection matters (e.g., eDiscovery) as needed.
• Champion the club’s efforts towards achieving CE+ certification, and drive forward other major security initiatives.

MEASURES OF PERFORMANCE:

• Respond to security alerts and incidents within defined SLA terms.
• Improve and maintain the club’s secure score, ensuring regular updates and remediation actions.
• Successfully lead and implement vulnerability and risk management processes across all departments.
• Ensure security awareness and compliance throughout the organisation by delivering regular training and workshops.

EXPERIENCE/REQUIREMENTS:

Essential:

• Extensive experience in an information security role, including incident and service request management.
• Experience with vulnerability management, risk assessment, and monitoring of IT systems.
• Strong understanding of cloud security, with hands-on experience in Microsoft and Cloud environments.
• Knowledge of security frameworks and regulations (e.g., GDPR, CE+).
• Effective communication skills, with the ability to educate and influence a non-technical audience.

Desirable:

• Professional cybersecurity certifications (e.g., CISSP, CISM).
• Experience in Data Protection and GDPR compliance.
• Experience with risk management in a fast-paced, highly regulated environment.
• Microsoft Windows technical certifications.

Employee must at all times carry out his/her responsibilities with due regard to Chelsea Football Club policies and procedures in particular Health & Safety, Financial Authorisation, Confidentiality and with regard to the Data Protection Act. The Employee must act to protect all young people and vulnerable adults that are in their care or attending the Company's premises. The Employee must report any misconduct or suspected misconduct to the Safeguarding Lead.

Chelsea Football Club and the Foundation is fully committed to ensuring the safety and well-being of all children, young people and adults at risk (vulnerable groups) that are in our care or attending our premises. As a consequence, Chelsea FC may require any successful applicants to complete a DBS Check prior to working at our premises. Successful applicants may also be required to undergo other child protection screening appropriate to the post applied for.

The Employee must ensure a positive commitment towards equality and diversity by treating others fairly and not committing any form of direct or indirect discrimination, victimisation or harassment of any description and to promote positive working relations amongst Employees and customers.

The above Job Description is not intended to be exhaustive, the duties and responsibilities may therefore vary over time according to the changing needs of the Club.