Information Security Consultant
The Head of Information Security is responsible for implementing and maintaining compliance with ISO 27001 security policies and behaviours and for being a security advocate for the business. They will take ownership of security incidents locally and coordinate activities on site to resolve and rectify the issue to the required security standard.
The role requires the individual to work with teams across the Group to explain Security Working Practices and contribute to the enhancement and modification of Security Policy Documents. The role would represent the Group Security Manager and Group Security Policies and run regular meetings such as the Information Security Forum. The Head of Information Security would engage with external parties to assess risk on their proposals, as well as managing action lists and recording minutes and evidence for submission to external auditors.
Dimensions:
· Responsible for implementing and maintaining ISO 27001 security policies and behaviours supporting circa 400 staff, £1.2bn revenue.
Key Responsibilities:
· Responsible for implementing and maintaining ISO 27001 security policies and behaviours
· Being the Security advocate for the business
· Chair the Information Security Forum and other Security related meetings as required
· Progressing Action Lists
· Recording minutes and evidence for submission to external audit
· Taking ownership of Security Incidents locally and coordinating activities onsite
· Working with business and IS teams and explaining Secure Working practices
· Contributing to, modifying and improving Security Policy & Procedural documents
· Performing risk assessments
· Representing the Group Security Manager and Group Security policies locally
· Arranging meetings with external parties and assessing risks on their proposals
· Taking ownership of Security related problems and coordinating responses to resolve
Knowledge, Skills and Experience required:
Essential
· Experience of compliance activities (ISO27001 or similar regulatory requirements)
· Needs to be able to influence others' thinking
· Needs to be a decision maker – not seek approval for every task / activity
· Able to work at all levels – users to senior managers
· Be part of a team and take responsibility for their own actions (will be supported, but I expect them to have the confidence in their own abilities)
· Excellent communication skills – verbal and written – and can lead and manage meetings/forums
· Able to work at various sites (Ipswich Europark, Ipswich Town Centre, Northampton, Selby and London occasionally)
Desirable
· Live locally – (long commutes may restrict flexibility)
· ISO27001, ISO27005, ISO27035 experience
· Smart Metering or knowledge of Energy Sector
· Experience of working with 3rd party suppliers
Special Features:
· Occasional travel to regional offices (London, Selby)
· Working hours may need to be flexible to support delivery of various projects and deliverables.
Measures of Success:
· Compliance with ISO 27001 Security Policies.
· Evidence supplied to external auditors is correct and valid at the time of submission.
· Security incidents on site are managed and risks or issues are escalated up to Group Security when required.
· Internal risk assessments are up to date and complete, and submissions by external parties are reviewed with feedback documented.
This job was originally posted as www.totaljobs.com/job/76201161