Information Security & Compliance Officer
Our client has a vacancy for an Information Security and Compliance Officer, reporting to the Chief Information Security Officer. The main purpose of the role is to be collectively responsible, as an effective member of the Information Security Team, for ensuring that the Group has systems of internal control that adequately identify, measure and manage its information security and compliance risks across all activities.
·Assisting with the management and maintenance of the Information Security Management System (ISMS) and/or a Business Continuity Management System (BCMS) and/or a Data Protection Management System (DPMS) that embraces information governance best practice and compliance with relevant legislation and ISO 27001/2 and ISO 22301
·Managing Information Security Incidents in line with ISO 27001 requirements, along with interrogating the relevant IT systems to establish root cause and preventive actions for IT system related Information Security Incidents
·Maintaining and managing security tools and systems
·Assisting with selecting and managing third party managed services providers
·Assisting with reporting of information security key performance indicators
·Maintaining the Information Security Policy, User Guides and Acceptable Use Policies, with particular focus on Information Technology compliance or Data Protection
·Providing information security and compliance advice when requested and ensuring that all policies and procedures remain within appropriate levels of compliance and advising on any non-compliance identified
The successful applicant will need:
·Three+ years' experience in information security, ideally in an insurance-related environment
·Excellent working knowledge of ISO standards in relation to information security and business continuity, including experience working to the ISO 27001 certification
·Experience with implementing/maintaining security tools around IAM (Identity Access Management), Risk and Governance, SIEM (Security Incident Event Management), DLP (Data Loss Prevention), etc
·Experience of business continuity disaster recovery planning
·Excellent working knowledge of the Data Protection Act legislation
·Good communication and presentation skills
·Awareness of FCA compliance
The successful candidate must already hold a level 6 qualification on the Qualification Credit Framework (QCF). This equates to a degree with honours, ISEB/BCS Certificate in Data Protection, or Certified Information Systems Security Professional (CISSP). The CISSP, General Information Assurance Certification (GIAC) or Certified Information Security Manager (CISM) qualifications are desirable.
Due to the large number of responses we receive it is not always possible to respond to every application. We will only contact those candidates short-listed for this role. If you have not heard from us within 7 days please assume you have been unsuccessful on this occasion. If you wish to apply for further roles please do so. We will retain your details on file and contact you should a suitable vacancy become available.