Information Assurance Lead


02 Feb 2017
02 Mar 2017
Contract Type
Full Time

Information Assurance Lead

Reporting to - head of information security

Direct reports - IT security analyst

Working hours - full time is 35 hours a week. You'll agree your working pattern with your manager.

Salary - £70k

The purpose of your role

Managing our technical security capabilities and developing our internal policies and standards.

As an organisation, it's crucial that we handle our customers' data according to our information security policies and standards. Our information security team makes sure we always abide by the Data Protection Act and that any risks are identified and managed well, so that our customers can rely on and trust us in the way we use their personal information.

As our lead security analyst, you'll lead and work with a small team to make sure we're doing things right and that we're meeting our obligations on a daily basis. You'll guide stakeholders in a way they can understand and also work with the organisation from a security perspective as we start to deliver more services digitally.

You'll make sure our technical capabilities, including both our internal and perimeter controls like firewalls, endpoint protection, and e-mail and web usage monitoring, are adequate and appropriate for the organisation. We also need to make sure our 3rd party suppliers are doing what they say from a security perspective - so you'll be vetting them and auditing them to check that they're closely following our security policies and procedures.

How we'll measure your success

  • feedback from colleagues on how your stakeholders view the security team's work and results
  • delivery of your own objectives, which you'll agree with your manager
  • demonstrating that security risk is being identified and managed effectively
  • your ability to meet key performance indicators around project delivery
  • the robustness of the technical controls you've implemented and are overseeing
  • making sure the right skills are available within your team at the right time
  • feedback on how well you manage your team and how engaged they are
  • delivery of your team's objectives - including the knowledge and capability in your team
  • how you've lived our values and role modelled the behaviours we expect of everyone every day

You're accountable for… our customers - our people - our reach - our service

  • coordinating the team's internal security audits
  • monitoring all technical security incidents, and managing controls and mechanisms to prevent and minimise risks
  • ensuring our vulnerability management programme is working effectively, and making sure we interpret and deliver the right information to the other IT teams from our scanning solutions
  • playing a lead role in the technical security operations function
  • working with and managing 3rd party suppliers - including negotiating contracts and making sure we carry out due diligence to ensure they remain compliant with our policies
  • performing security risk assessments and flagging issues to the relevant stakeholders
  • shaping and managing a penetration-testing schedule to make sure both our internal and hosted IT systems are secure
  • working with project teams, giving advice on security policies, risk and making sure we always have what we need from a security perspective
  • managing and developing the information security management system (ISMS), taking ownership of important technical policies and standards
  • leading and developing a small team of information security analysts
  • successfully advising from a security perspective on projects and change activity which contributes to shaping the future of the organisation
  • effectively managing risk on behalf of key stakeholders - you'll make sure the right processes and procedures are in place for us to investigate issues if anything serious goes wrong
  • supporting your team's wellbeing - monitoring and managing their engagement, resilience and attrition / sickness levels
  • effectively managing and motivating a small team of security colleagues - you'll be setting clear objectives and having an effective framework in place to monitor progress and measure performance - addressing issues effectively, proactively and promptly

Your experience includes…

  • working in a security team or function within a medium-sized or large organisation - you'll have had accountability for major security initiatives
  • using excellent communication skills to engage with stakeholders at all levels in a way they can understand
  • scoping and managing penetration tests for a portfolio of systems and hosted services
  • having knowledge and experience of vulnerability management
  • having a good understanding of ISO27001 and developing an ISMS
  • having a good knowledge of the Data Protection Act and other relevant legislation
  • having a good understanding of access and identity management, and solutions that prevent data leakage
  • holding CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager) or an equivalent qualification would be desirable
