Information Security Officer
* Further-education calibre individual in either a technical or a business subject.
* Certified Information Security Manager (CISM)
* ISO 27001 Implementation / Audit Qualifications
Relevant Experience Required
* Good experience and knowledge of ISO 27001, PCI DSS and NIST
* 3 years working in Information Security
Main Duties and Responsibilities
* In conjunction with the Head of Information Security Governance, develop and implement information security policies and standards, assuring that these are compliant with all applicable legal or regulatory legislation;
* Assist with the overall governance and compliance of the firm's information security policy, standards, and procedures via engagement across the practices;
* Ensure all Information Security Governance documentation sets are reviewed on a regular basis, and recommend amendments to security policies and practices in accordance with changes to working practices or regulatory compliance;
* Work as an Information Security Auditor to define an audit framework and schedule, and conduct internal audits to verify compliance with Information Security policies and standards;
* Advise (where appropriate) where remedial actions would be required, highlighting where these are not in line with our risk appetite;
* Drive and support an exceptions and waivers process for recording and authorising any exceptions to the policies and standards, ensuring these exceptions are appropriately reviewed and action taken where relevant;
* Manage and drive the information security incident process, including investigating or working with relevant teams to deal with incidents, identifying the root cause and amending policies when required;
* Promote the firm's security policy and provide education to ensure appropriate measures are taken to secure the firm's information and minimise security incidents;
* Ensure appropriate internal and external tools/applications are in place to assist with the reporting and management of governance, allowing non-compliance across all areas of the business to be monitored and resolved;
* Drive and manage processes for reporting KPIs and other metrics in relation to risk, threats, vulnerabilities, compliance and performance, and communicate these in a timely and effective manner to all affected stakeholders and management;
* Conduct post-incident investigations and provide advice to address issues and/or amend procedures to enhance the firm's information security protection;
* Work with the business and the wider Information Security department to ensure that the appropriate controls are in place to protect the information of the firm, in line with our risk appetite;
* Assist with all security certifications to ensure compliance;
* Assist with the management and chairing of the governance group, including the documentation and completion of actions;
* Work collaboratively with the project teams and the PMO to ensure that new project requirements and changes adhere to the security policies; and
* Create and manage the information security risk register, in conjunction with Risk and Compliance.
If you have the required experience, apply now to **********************
Spring Technology is acting as an Employment Business in relation to this vacancy.
Spring Technology is an Equal Opportunities employer; we welcome applicants from all backgrounds.
This job was originally posted as www.jobsite.co.uk/job/960290195