Information Security Specialist
Location: City of London
Reports to: Group Information Security and Data Protection Officer
Salary: £60,000-£65,000 (6 month fixed rate contract) or £300 - £400 per day.
No. Required: 1
Start Date: ASAP
Assist in the management and development of the global information security and privacy function, providing input into setting and communicating the strategy and direction of the function. This role serves to support the process owner for:
- all ongoing activities that serve to provide appropriate access to and protect the confidentiality and integrity of customer, employee and business information in compliance with organisation policies and standards.
- all ongoing activities that serve to comply with our privacy and data protection obligations and responsibilities set out in organisation policies driven by the legal and regulatory bodies within the jurisdictions in which we operate.
- Assist in the operations of the information security function ensuring its smooth and effective functioning, that standards, objectives and accountabilities are clearly defined and communicated, that control systems are in place and all aligned to global strategy.
- Participate and contribute to the Information Security Governance Committee which reports to the Operation Committee.
- Ensure that the department acts as a source of technical expertise, providing expert advice and guidance on information security and privacy, demonstrating sound commercial judgement and a thorough understanding of the business.
- Build a strong relationship with internal clients, demonstrating a thorough understanding of their business and how information security and privacy can add value to it. Contribute to the strategic decisions of the business through the introduction and implementation of appropriate systems and processes.
- Collaborate on group-wide issues, in particular, but not limited to:
  o Compliance with privacy and data protection requirements.
  o Implementation and further development of information security and privacy policies, guidelines and processes.
- Ensure that regional policies and procedures, if any, reflect the risk appetite and requirements of the group. This shall involve regular review of regional policies (if any) and procedures and the reissuing of these as required.
- Assist with status and progress reporting of information security and privacy issues to management.
- Assist with staff awareness of Information Security and Privacy good practice in line with global standards. As required, provide direct training and oversight to employees, affiliate marketing partners, alliances, or other third parties, ensuring proper information handling in accordance with established global organisational information security policies and procedures.
- Assist with initiating, facilitating and promoting of other activities to create information security awareness within the offices in line with global standards.
- Perform information security risk analysis on initiatives. Ensure that the group's information security risks are consistently analysed and reported to local management.
- Assist with the development and implementation of a Security Incident Reporting and Response System to address any security incidents that might occur. This service should respond to alleged policy violations and complaints from external parties.
- In particular work to ensure that projects and products are verified and reviewed.
- Assist development and support teams, as requested, by providing active guidance, instruction and assistance in ensuring that new products meet or exceed the control requirements, as well as those of our regulators.
- Assist with ensuring contracts and service agreements with, but not limited to, third party suppliers, cover holders, program administrators meet information security, data security, privacy and breach notification requirements.
- Assist the IT department in the development of all system-related security plans throughout the organisation's network, and act as a liaison to IT. In particular, advise the IT department on information security technologies and related regulatory issues.
- Assist IT in monitoring the internal control systems to ensure that appropriate access levels are maintained. Where appropriate, this can involve tool development and procurement to support the controls environment.
- Assist with the coordination of any responses to privacy related emergencies and other potentially damaging events.
- Assist in supporting the litigation process in providing privacy related advice.
- Assist with monitoring statutory and regulatory changes with regard to privacy related laws and regulations within the jurisdictions in which we operate.
- Assist with managing and addressing requests received in relation to our processing of an individual's personal information and ensure this is done in accordance with our regulatory obligations.
- As normal in an IT operational environment, projects and problems may demand evening and weekend working. This will be scheduled in advance as far as possible.
- Adopt the culture of Professionalism, Integrity, Effectiveness and Dynamic attitude that contributes to an internal environment of teamwork and promotes a positive brand image to our external customers.
- Comply with procedures, policies and regulations relevant to your role. Undertake relevant training on policies and procedures as delivered by your line manager, the Talent Management development or assurance teams (compliance, risk, internal audit) either directly, via e-learning or the learning management system.
- Comply with any specific responsibilities necessary for your role as outlined by your line manager, the Talent Management development or assurance teams (compliance, risk, internal audit) and ensure you keep up to date with developments in these areas.
- Ensure that you uphold the principle of Treating Customers Fairly.
- Carry out additional responsibilities as individually notified, either through your objectives or through the learning management system. These may include, among others, European Strategy Team, US Management team or membership of any committees.
Education and Qualifications
- Degree level educated ideally in information systems, or equivalent work experience
Skills and Abilities
- Excellent written and oral communications skills.
- The ability to prioritise work and deliver results in a pressurised environment, through tactical and strategic planning.
- The ability to manage significant client contact, providing expert advice which demonstrates judgement and an understanding of the business.
- A demonstrated ability to develop strong relationships with internal clients.
- The ability to provide support to more senior roles in developing key client relationships through the design of leading edge technologies.
- Self-motivation, with an ability to work with a high degree of autonomy and to be results-driven with a flexible approach to working.
- The ability to work collaboratively with a broad range of constituencies.
- An understanding of the various data management regulatory requirements that the organisation is subject to, in the UK, the US and around the world.
- An unblemished career history holding positions requiring trustworthiness and personal integrity.
- The ability to communicate technical and security-related concepts to a broad range of technical and non-technical staff and management.
Knowledge and Experience
- Proven experience in information security, though experience in related functions such as Operational Risk Management or Systems Audit may be considered.
- A strong background in security event management, application security, network and system security, vulnerability assessment, distributed systems administration, security auditing techniques and/or general computer controls.
- Strong understanding of LAN, WAN, and wireless communications and protocols.
- Strong knowledge of Windows operating systems.
- Experience in financial services is highly desirable, but not required.
- Experience in the insurance industry is desirable but not required.
- Multi-country experience (i.e., beyond UK, and ideally including US) is highly desirable, but not required.
- A strong background working with security technologies such as firewalls, intrusion detection, vulnerability scanning and remediation, security log management, network traffic analysis, and privilege management is expected.
- Knowledge of the EU Data Protection Directive, the EU E-Privacy Directive and their national implementations (for example, the UK's Data Protection Act, France's LOI INFORMATIQUE ET LIBERTES ACT N°78-17 and Spain's LOPD) is highly desirable, but not required.
- Knowledge of US laws and regulations, such as HIPAA, Gramm-Leach-Bliley Act and US state breach notification laws is highly desirable, but not required.
This job was originally posted as www.jobsite.co.uk/job/959461733