Chelsea Football Club
Information Security Officer
Chelsea Football Club | United Kingdom | 4 days ago
Full-time | Remote Friendly | Information Technology

JOB TITLE: Information Security Officer

DEPARTMENT: Technology/IT

REPORTING TO: Technology Strategy Manager


This is a hybrid role, with five days on-site at Stamford Bridge and 4 work-from-home days per month.



Closing date: 23rd January

We encourage you to apply as soon as possible. In the event that we receive a large number of applications, the position may be filled before the listed closing date. To avoid missing out, please submit your application at your earliest convenience.



JOB FUNCTION: As the Information Security Officer, you will be responsible for safeguarding the organisation’s Technology/IT infrastructure by identifying vulnerabilities, leading security initiatives, and ensuring compliance with security policies. This role will take a proactive leadership approach in enhancing the security posture of the club, driving key projects, and overseeing risk management. You will act as the primary point of contact for security incidents and lead collaboration efforts across teams to maintain a secure and resilient environment.



KEY RESPONSIBILITIES INCLUDE:

  • Lead vulnerability management and incident response across all platforms and systems.
  • Oversee and execute security projects, including policy enforcement and new initiatives.
  • Collaborate with the Technology and Infrastructure teams to ensure continuous improvement of the club’s security framework.
  • Manage relationships with external security partners and ensure timely resolution of any third-party security issues.



MAIN RESPONSIBILITIES:

  • Identify and manage vulnerabilities within our current infrastructure.
  • Monitor network traffic and logs to ensure compliance with security policies and swiftly address any anomalies.
  • Take ownership of risk management and vulnerability assessments, offering strategic recommendations and working with internal teams to implement remediation actions.
  • Oversee phishing campaigns, investigate phishing alerts, and ensure continuous improvement of threat detection.
  • Collaborate with external security partners to manage risks, vulnerabilities, and incidents, acting as the primary liaison between these partners and the club.
  • Perform investigations of security incidents and breaches not covered by external partners, and oversee the club's response to such threats.
  • Educate teams across the club on security best practices, and ensure they are equipped with the latest knowledge and tools to handle security incidents.
  • Lead on drafting and updating security policies, ensuring compliance with the latest industry standards.
  • Manage email security filters and respond to alerts in a timely manner.
  • Conduct regular security audits and assessments to ensure continuous improvement in the club’s security posture.
  • Assist in security-related legal and data protection matters (e.g., eDiscovery) as needed.
  • Champion the club’s efforts towards achieving CE+ certification, and drive forward other major security initiatives.


MEASURES OF PERFORMANCE:

  • Respond to security alerts and incidents within defined SLA terms.
  • Improve and maintain the club’s secure score, ensuring regular updates and remediation actions.
  • Successfully lead and implement vulnerability and risk management processes across all departments.
  • Ensure security awareness and compliance throughout the organisation by delivering regular training and workshops.



EXPERIENCE/REQUIREMENTS:

Essential:

  • Extensive experience in an information security role, including incident and service request management.
  • Experience with vulnerability management, risk assessment, and monitoring of IT systems.
  • Strong understanding of cloud security, with hands-on experience in Microsoft and Cloud environments.
  • Knowledge of security frameworks and regulations (e.g., GDPR, CE+).
  • Effective communication skills, with the ability to educate and influence a non-technical audience.


Desirable:

  • Professional cybersecurity certifications (e.g., CISSP, CISM).
  • Experience in Data Protection and GDPR compliance.
  • Experience with risk management in a fast-paced, highly regulated environment.
  • Microsoft Windows technical certifications.



Our commitment to Equality, Diversity and Inclusion:


At Chelsea we recognise that the diversity of our people is one of our greatest strengths and we are taking positive action to ensure our existing colleagues and job applicants can fully be themselves and bring their own unique experiences and perspectives to Chelsea FC. This means giving full and fair consideration to all applicants regardless of age, disability, gender reassignment, race, religion or belief, sex, sexual orientation, marriage and civil partnership, and pregnancy and maternity.


If you need reasonable adjustments made to the recruitment process, please reach out to your recruiter, who will be able to advise and support you.


Chelsea FC and the Foundation are fully committed to ensuring the safety and well-being of all children, young people and adults at risk (vulnerable groups). We therefore require all successful applicants to complete a DBS Check prior to starting employment. Depending on the role, successful applicants may also be required to undergo other child protection screening where appropriate.


This Job Description is not intended to be exhaustive; the duties and responsibilities may therefore vary over time according to the changing needs of the Club.
