Main Purpose of Role
Responsible for creating, maintaining and updating the Information Security Management System (ISMS) to ensure our processes and procedures are robust and effective.
Act as the day-to-day representative for Information Security matters and co-ordinate Information Security incidents.
Work with internal stakeholders to develop relationships to help promote and improve information security and provide security advice on procurements, projects and new initiatives as required.
Review, manage and audit the information security posture of third-party suppliers (current and future).
Work with the Enterprise Architecture team to ensure security is included by design for all new initiatives and with the IT Ops team to ensure on-going protection of internal IT infrastructure.
Responsibilities also include maintaining the IT Business Continuity and Disaster Recovery Plans.
Key Responsibilities
Information Security Governance
Responsible for assessing, approving and advising on all information assurance and security matters.
Responsible for ensuring all information security requirements comply with industry good practice and relevant legislation.
Staying abreast of the Cyber threat landscape and assessing/introducing protective measures to ensure ongoing protection.
Manage the conduct of internal audits in support of the Information Security Management System.
Manage the InfoSec business maturity review with recognised third parties, and produce and implement an Information Security improvement plan.
Identify security Key Performance Indicators (KPIs).
Manage regular steering committees (steercos) and management boards in the Information Security space. Produce and present KPI Management Information to stakeholders to demonstrate performance.
Review, manage and audit the information security posture of third-party suppliers (current and future).
To promote security awareness by developing and implementing a security awareness and training programme.
Solution Design
Work closely with the Enterprise Architecture function to ensure security is included by design for all new initiatives.
Compliance & Security
Responsible for coordinating ISO27001 certification audits and ongoing compliance on behalf of IT.
To support and contribute actively to health and safety, environmental, business continuity and information security arrangements that meet our obligations to our customers.
Person Specification
Experience (technical, managerial, industry)
Required
- Minimum of 5 years' experience working as an Information Security Officer/Information Security Specialist/Information Security Manager.
- Demonstrable experience of the ISO27001:2017 certification process and audits.
- An excellent knowledge of relevant information security standards and practices.
- In depth experience of maintaining and managing the ISMS on behalf of the company.
Education level / Qualifications (professional, vocational)
Required
- Knowledge of GDPR compliance.
- Knowledge of IT Business Continuity Planning and execution.
- Knowledge of IT Disaster Recovery management and oversight of execution.
- Experience and skills in the project management of the design and implementation of corporate Information security projects.
- Experience as a Solution Designer.
- Educated to Degree Level.
- Certified Information Systems Security Professional (CISSP)
- Certified Information Security Manager (CISM)
Skills / Knowledge
Required
- Certified Ethical Hacker (CEH)
- Certified Secure Software Lifecycle Professional (CSSLP)
- Prince 2
- ITIL V3 Foundation
- ISO27001:2017 and Cyber Essentials (Plus) up to and including certification.
- Comprehensive understanding of security threats, cloud technologies (including Microsoft Azure and Microsoft 365), legislative and regulatory standards, industry frameworks and best practices.
- Experience of writing and introducing effective information security and compliance policies and guidelines.
- Expansive experience of risk management frameworks and methodologies.