An amazing opportunity to join an organisation that is shaping the infrastructure within the UK economy.
You will work collaboratively across the company to increase Information Security maturity and implement an ISMS (Information Security Management System) in order for the company to achieve ISO 27001 certification. A key responsibility will be progress reporting to senior management.
• Maintain a high level of technical expertise and awareness in the field of information security, including cryptography, security standards and good practice as applied to protecting the company, current and emerging threats and vulnerabilities in ICT, and appropriate and evolving mitigating strategies and counter-measures.
• Develop, manage, and maintain the company's ISO 27001 Information Security Management System.
• Provide robust scrutiny of ISO 27001 programme workstreams.
• Detail and log ISO 27001 requirements for the company, from both a 1st-line and a 2nd-line perspective.
• Design and plan internal assessments to measure control effectiveness.
• Provide SME advice on the development of appropriate controls to remediate non-conformities and deliver general security improvements to the business.
• Report regularly on progress against agreed action plans across the company directorates to remediate non-conformities.
• Develop, manage, and maintain the company's NIST Cybersecurity Framework in accordance with the Cyber Security Strategy to appraise the company's maturity
• Assimilate assurance information across the three areas: internal systems (ISO 27001), the company/Participant, and suppliers.
• Provide regular Security status reports in advance of the company's reporting cycles to the Director of Security and company Committees as required
• Work collaboratively with the Compliance team to verify policy compliance and adherence
• Perform vendor / supplier third-party security assessments
• Plan and deliver individual and group security awareness training to enhance and influence corporate and personal security culture.
Qualifications and Training
• Must hold an ISO 27001 Lead Auditor or Lead Implementer qualification, in addition to:
o An Information Security related professional qualification, e.g. CISMP, CISSP, CISM, or SANS.
• Preferable to have an MSc in Information / Cyber Security or related field.
• In-depth knowledge of ISO 27001 and ISO 27002 good practice.
• Experience of developing, running, and maintaining a complex ISO 27001 ISMS.
• A good knowledge of business service processes, including Operational IT, HR function and Facilities
• Proven experience of monitoring compliance with the ISO 27001 standard and providing regular status reports.
• Experience of implementing and monitoring against the NIST Cybersecurity Framework to continually appraise company Information Security maturity.
• Security professional with significant experience in the security field.
• A broad understanding of information security principles and practices based on a sound and proven track record in applying this to complex systems and processes in multi-stakeholder environments.
• Previous experience working in a highly regulated industry would be beneficial
Core Skills and Competencies
• Strong communication and presentation skills to express complex and abstract security concepts to non-technical senior audiences.
• Good negotiating skills coupled with the ability to influence stakeholders.
• Excellent organisation and time management skills. An efficient multitasker with the ability to effectively manage competing priorities.
• Strong attention to detail, with a sharp eye for accuracy.
• Good analytical skills, with sound problem-solving and decision-making abilities.