The Zonal group are one of the UK’s largest technology providers to the hospitality industry. Our products are used by over 16,000 pubs, restaurants and hotels. Customers include national brands like Pizza Express, JD Wetherspoons and All Bar One.
We provide our customers with the solutions they need to make their business a success. These solutions include mobile apps for ordering and web apps for engaging with consumers either through loyalty or reservations. By linking these solutions to Zonal’s EPoS (till) system, we help hospitality brands to understand their customers’ behaviour and preferences, enabling them to excel in an increasingly competitive market.
If you have booked a table or hotel room, ordered, and paid for food and drinks, received loyalty offers, or downloaded your favourite hang out’s app, you will likely have used a Zonal product.
We are a family business with Scottish roots. We operate from our modern head office in Edinburgh to our Marketing Technologies Division in Staffordshire, or our Innovation Centre in Abingdon and hotel management solutions base in Cardiff.
**We are happy to consider remote workers for this role but as and when our head office in Edinburgh opens, you will be required to visit a minimum of once per month**
What you will do
Reporting to Zonal’s CISO, you will work within Zonal’s Security team delivering and maintaining a technology and architecture security strategy across all of Zonal’s technology landscape. This includes Zonal’s product security, IT infrastructure security, Hosting and Managed Services security and the security of all Zonal’s cloud services and future IT and product architecture. Working with the CISO and the Head of Information Security – Compliance & Governance you will be required to be the essential go-to person in the business, including Zonal’s subsidiaries on all matters relating to technical and architecture security. This will include strategic vision, scoping of requirements, design, development, implementation, incident response, budgets and adherence to all necessary protocols, regulations and any legal requirements in addition to providing security mentoring and coaching to all technical staff.
This role is ideal for an experienced security professional with a wide experience of many technical domains and with a deep experience in key areas such as software development and architecture, cloud and enterprise architecture and IT infrastructure and networking. The role is also ideally suited to a ‘people person’ who is an approachable individual who is passionate about technology, passionate about Information Security but who is also pragmatic in their approach and prides themselves on being an agent of change and getting the job done!
The ideal person will be comfortable leading from the front with the support of the CISO to drive best practices and continuous improvement and will make decisions based on data trends, metrics and KPIs.
We pride ourselves on our ability to engage the business and educate them; as such the candidate must have a high level of technical ability and share our passion for information security and be able to work with all departments across all levels, from R&D and IT & Cloud Infrastructure through to Operations, Delivery and Field Engineering.
We pride ourselves in being a customer focused security team and as such the candidate must have a high degree of customer facing skills and prowess to help ensure we fully support our customers with their security requirements.
The individual will also have the ability to understand the consequence and relative importance of risks findings within the context of the wider organisation and the customer base. They will be able to understand the broader threat environment and using this knowledge articulate and report findings and key risks, clearly and concisely. The individual will be able to deliver key messages to different audiences, from technical development teams to senior non-technical management teams.
Your Key Responsibilities will be
- Be an ambassador for security best practices by diligently applying these to how you work and how you demonstrate these to the wider business
- Use measures and KPIs to track your activities and initiatives, providing the CISO with regular reports
- Oversee all software development initiatives ensuing security best practices are baked into all aspects of the software development lifecycle. This will include working with architects to design secure solutions, working with developers to ensure code meets our security standards and coaching as required, working with other areas of product and development to ensure security is a first-class citizen in all of our products
- Oversee all infrastructure development and cloud initiatives ensuring defined security best practices and principles are designed and implemented appropriately with technical teams
- Using metrics and appropriate KPIs to ensure vulnerabilities in software, networks and infrastructure are remediated based on priority SLAs and never reintroduced, using these as coaching opportunities where required
- Be the technical owner with key security suppliers, such as our external SOC and external penetration testers
- Take ownership of security incident management responding to all incidents and SOC alarms, taking appropriate action to contain and resolve the incident, analysing and documenting RCA and implementing preventative measures
- Take ownership of external vulnerability scanning and penetration testing, planning all penetration testing within the approved budget with external penetration testers, ensuring penetration tests happen smoothly and all required teams have had sufficient notice to prepare environments and collating results into actionable and measurable reports for you to then drive remedial action via the appropriate Zonal team or department
- Conduct your own technical security audits and assessments and “mini penetration tests” as required
- Oversee the security arrangements with our partners and key suppliers, ensuring they are meeting our required security standards
- Experience working within the controls of an ISMS certified to ISO27001 and attending and contributing to internal and external audits
- Interpersonal skills, communication skills, approachability, resilience and pragmatism are an absolute must for this role. You need to win hearts and minds to be an effective agent of change
- Leadership skills as a subject matter expert in Cyber Security
- Successful track record of effective coordination, prioritization, collaboration, organisation and project delivery.
- Knowledge of relevant IT Security related hardware, software and vendor solutions.
- An overall understanding of source code programming languages, such as C#, C++, .NET, Java, Perl, PHP, Delphi, ColdFusion etc. that our teams use.
- Experience of secure software development best practices and the ability to use your experience to coach others in secure development
- Practical experience surrounding the security architecture of IT networks, firewalling best practices and applying and designing the correct security controls in a Windows domain and the ability to coach others in network and IT teams on best practices
- Practical experience surrounding the security architecture aspects of public and private facing hosted software in virtualised co-lo data centre environments and cloud networks in Azure
- Deep thinking analytical mind with the ability to quickly get to the root cause of issues.
- You will need to be organised, efficient and able to work unsupervised under your own initiative.
- Ability to lead security incidents, take command and remain under control even when under pressure
- Technical knowledge of conducting network security audits and penetration testing with a good knowledge of ethical hacking
- You will be motivated by getting things done, and getting them done in the right way, first time; you are laser focussed on achieving the best outcome.
- Documentation and attention to detail must be copybook correct
- Using your communication skills, you will keep key stakeholders aware of progress against plans and help mitigate risks. You will understand that the identification of risks and issues is not enough – when escalating you will provide recommendations and solutions.
Who you are?
- You will be a self-motivated, logical thinking problem solver who is flexible and adaptive to a very busy work environment
- You will be organised and have an inquisitive nature paired with a positive attitude and an eagerness to learn as well as to coach
- You will be extremely organised and be able to manage your time and work effectively
- You will be friendly and approachable in nature but tough when the situation requires you to be
- Ideally with a degree in Computer Science or Cyber Security; however industry experience and evidence of achievements is more desirable
- Experience of implementing and maintaining secure software, networks and infrastructure are a must for this role
Other desirable skills
- Experience of the following is beneficial:
- PCI DSS
- UK Cyber Essentials Plus
- SOC 1 / SOC 2
- Good understanding of network protocols and web/mobile development lifecycle.
- A good understanding of the OWASP Top 10.
- Ability to explain findings to non-technical professionals.
- Excellent report writing and presentation skills.
- Able to work independently but also as part of a team.
- Flexibility to change direction and manage conflicting demands.
- Outstanding organisational and data analytics skills.
What we value
Passion, Teamwork, Innovation, Professionalism, Accountability and Customer Obsession are the values we believe make us the company we are. We’re looking for someone who understands great culture and will help us shape it as it evolves.