Information Security Officer

11 May 2017
10 Jun 2017
Contract Type: Full Time

Huntswood, a Best Companies Employer, is the UK's leading specialist resourcing and consultancy firm focused on governance, risk and compliance in the areas of regulatory conduct and financial crime.

We are recruiting for an Information Security Officer & Business Continuity Manager to join our growing BIC team. The role is based in Reading, Berkshire.

Role purpose

To ensure the effectiveness of our security policy, Huntswood has aligned its Information Security Management System (ISMS) to ISO27001:2013, achieving certification in 2012 and recertification in 2015.

The purpose of the role is to ensure our compliance with the standard and that information security is given the correct priority and focus within the business. The role will be responsible for leading Huntswood's information security management; gathering information necessary to maintain security and ensuring ongoing suitability of all information security measures and objectives. The role will assess the impact of business changes, system modifications and technological advances, recommend improvements to mitigate potential security weaknesses and vulnerabilities, implement changes and document upgrades.

The role operates at all levels of the business, providing visibility, advice, guidance and support to the board, their senior management teams and their business units on information security matters.

Job description
  • Maintain customer, client and board confidence by ensuring Huntswood's ISO27001 certification is kept up to date and leading Huntswood's continual improvement in the field of information security
  • Establish, drive and embed best practices for information security risk identification and management
  • Daily management of Huntswood's ISMS, which includes keeping the asset register, risk register and the risk treatment plan up to date; work with business owners to ensure that information assets have been assigned appropriate security classifications
  • Keep Huntswood's board regularly updated on information security incidents and risks faced by the business following Huntswood's risk management framework. Be a source of advice on effective mitigating actions (corrective & preventive)
  • Manage stakeholders at all levels within Huntswood, ensuring strong relationships are built and maintained. Instil confidence across the Huntswood business that information security risks are identified and mitigated
  • Demonstrate and maintain excellent knowledge of ISO27001 controls and best practices
  • Ensure Huntswood's ISMS policies are up to date, regularly reviewed and aligned with business strategy and focus
  • Ensure all relevant Huntswood representatives receive regular information security training
  • Keep up to date with current information security trends and ensure Huntswood's ISMS effectively controls current threats and vulnerabilities faced by the business
  • Use up-to-date communication methods to provide information security awareness and news updates
  • Be the contact point for reported information security incidents and effectively manage them through to their conclusion by ensuring the effective implementation of corrective and preventive actions
  • Interaction with existing and potential clients to provide a high level of assurance of Huntswood's commitment and understanding of information security
  • Liaise with and support Huntswood's internal audit team to ensure any nonconformity is corrected in an effective and timely manner
  • Be a proactive part of the design and approval teams for new technologies and changes to information systems proposed by business heads to ensure Huntswood's footprint of vulnerability is kept within acceptable levels
  • Provide SME input to commercial activity (i.e. bid/RFP responses) and project/proposition developments
Essential skills
  • Detailed/expert level of understanding of ISO27001:2013
  • Previous experience of implementing and/or managing ISO27001 in a successful business
  • Detailed understanding of risk management
  • Ability to lead, drive and embed revised and new processes, procedures and best practices
  • Ability to undertake or facilitate business impact assessments
  • Ability to work professionally and constructively within a team environment providing advice and consultancy
  • Excellent business communication skills, with the ability to communicate at all levels
  • Detailed level of understanding of data protection and the UK's Data Protection Act 1998
  • Up-to-date knowledge of current threats and vulnerabilities facing the modern business today, with the ability to learn and keep abreast of emerging threats
  • Excellent decision making and problem solving skills
  • Ability to demonstrate good business acumen
  • Good time management and project management skills
  • Ability and experience in working and communicating effectively with both technical and operational stakeholders in information security and business continuity matters
Desirable skills
  • Information security qualification (ISC)2 CISSP or equivalent
  • Degree in a relevant subject
  • An understanding of PCI DSS
  • Working knowledge of ISO 22301
  • Previous experience of the financial services sector and/or outsource service provision
Core behaviours

To work with, Huntswood's employees are described as dependable, driven and collaborative. The job holder should be able to demonstrate they are:

  • Confidential, reliable and genuine
  • Dynamic, passionate and determined
  • Friendly, compassionate and cooperative

"It's not just about what we do, but the way we do it. And it's our values that make us special."