Information Security Officer

BMC Recruitment Group Ltd
Newcastle upon Tyne
£40000 - £60000/annum
07 Jul 2017
06 Aug 2017
Contract Type: Full Time
The Organisation:

Our client is a leading supplier of technology operating in a highly regulated environment. Ensuring integrity and compliance presents an incredible challenge for the organisation's Compliance and Security teams.

They are seeking an exceptionally dynamic individual to join the business in the role of Information Security Officer (ISO). You will have extensive experience working in the internet security space and a deep interest in the evolving threat landscape impacting financial B2C web properties.

The Role:

You will work closely with the CTO and will take responsibility for the implementation and continuous improvement of the company's Information Security Management System (ISMS), designed to comply with ISO 27001.

• Lead the Information Security function, evangelising the benefits of security across the organisation by working closely with all areas of the business.
• Work closely with the Service Delivery team to promote automation of provisioning and monitoring of security aspects throughout the IT estate and facilities. Develop appropriate ISMS reporting mechanisms to provide on-demand, data-rich content.
• Coordinate the development of the organisation's ISMS framework, standards and procedures.
• Develop and implement a Cyber Incident Response Plan and Reporting Framework to address security incidents or complaints from external parties. Serve as the company's primary contact point for information security and privacy incidents.

The Individual:

• Relevant security management qualifications such as CISM
• ISO27001 lead auditor or implementer qualification
• 5+ years' information security experience
• Excellent communication skills, able to influence at Exec level
• Excellent writing skills, able to author and review policy documentation

Desirable skills:

• Experience defending web-scale internet properties against distributed brute force attacks, DDoS and OWASP Top 10 threats
• High-level understanding of essential internet concepts (HTTP, SSL, TCP networks, OAuth)
• Understanding of cloud computing concepts and security at scale