Information Security Officer
Working at St Andrew’s Healthcare
We're the largest independent provider of services to the NHS, a unique mental health charity aspiring to deliver truly world-class care. Our focus is transforming lives through groundbreaking treatment and rehabilitation, with surpluses re-invested in our outstanding facilities. You’ll find a welcoming, inclusive culture here, inspired by the shared values of our team. Everyone has their part to play in the amazing work we do – you’ll have every opportunity to get what you want from your career.
About the role
We are looking for an IT/Information Security Officer, who will report to the Head of Architecture & Security, and work within the Security team.
You will be responsible for ensuring security policies, standards and best practices are reflected and implemented in technical systems, architectures and operational processes.
As part of the Charity’s drive to provide security, resilience and assurance across its pathways and functions, you will be:
- Conducting compliance and assurance activities against operational and technological processes and platforms of St Andrew’s and its supplier-base.
- Abstracting security requirements from new projects, working alongside technical and compliance teams to ensure compliance with policy, procedure and design best-practice.
- Facilitating risk assessments pertaining to information technology across all aspects of the Charity, and providing mitigation advice as required.
- Managing St Andrew’s ISMS framework, and associated activities.
- Communicating and cascading security requirements to designers, and articulating technical issues to a non-technical audience.
An excellent communicator, comfortable engaging with senior management as well as technical staff, you will have a minimum of 2 - 5 years' information/IT security experience and will have managed information security controls, ideally in an ISO27001 certified environment.
In addition, you will have practical and demonstrable working knowledge of Office 365, corporate-level networks and architectures, and compliance frameworks and methodologies including ISO27001, SANS and NIST.
Knowledge of SIEM, vulnerability management and other such compliance tools would be desirable, along with an understanding of information security methodologies and controls, including their implementation and measurement.
Essential Qualifications / Certifications:
- ISO27001 Implementer and/or Auditor
- S+ or SSCP
Desired Qualifications / Certifications:
We offer an excellent benefits package including pension, 35 days holiday, life cover, car lease scheme, free parking, cycle to work scheme, childcare vouchers and access to vocational qualifications.
Closing Date: 3rd March 2019