We are currently recruiting for a Senior Information Security Assistant to join our Risk team in Bristol. The Risk & Compliance team are responsible for identifying and mitigating the major risks for the firm and compliance against specific regulatory and best practice standards. You will be working closely with the Information Security Officer and in line with our ISO27001 certification, regulatory and client requirements.
In return we will invest in you. We want you to be successful. You will receive a bespoke, ongoing training programme to ensure you develop your commercial and technical skills to allow you to deliver the varied workload to a high standard. As a member of our Support team you will be a vital part of our continued success. There isn't an "us and them" mentality and you will be recognised for your hard work and support.
Job Description
We value our employees highly and we want you to feel valued. You will receive a competitive basic salary with an annual pay review. You will also have access to an extensive range of benefits via our flexible benefits scheme including 25 days holiday (which will increase to 30 days based upon length of service) and private medical insurance.
Main Responsibilities
As a Senior Information Security Assistant your day to day remit includes:
- Act as the deputy for the ISO
- Continue the enhancement and implementation of information security and data processing policies and standards across the firm and in particular, auditing and maintaining our ISO27001 processes and accreditation.
- Assist the information security team
- Assist the firm wide information security forum
- Assist on client info sec audits
- Act as a point of reference on best practice in relation to IT governance, controls and practices across the firm
- Offer training on aspects of information security policy to the firm as required.
The Ideal Candidate
Our employees are talented people, distinguished by technical excellence, with a willingness to embrace team working and a passion for client service. You will be able to demonstrate a similar supportive, flexible and driven ethos and will have accumulated the following experience and skills:
- Proven experience of having managed an Information security management system (ISMS) and maintaining ISO27001 certification in a multi-site operation;
- Solid understanding of IT and experience in developing IT governance, controls and best practice processes in the form of the IT infrastructure library (ITIL) and IT service management certification (BS ISO/IEC 20000);
- Considerable experience in undertaking a range of internal and third party audits around Information security, data protection and IT governance and controls;
- Experience in developing physical security best practice processes and controls;
- Good understanding of the Data Protection Act and GDPR provisions;
- Excellent understanding and practical experience of the principles of risk assessment and risk treatment, including operational risk as well as compliance monitoring and reporting;
- Results orientated with good communication and interpersonal skills.
- Proven experience writing policies and procedural documentation for IT systems/requirements.
- Excellent verbal and written communication skills and the ability to interact professionally with a diverse group, partners/directors, managers, staff at all levels, external and internal stakeholders, clients and subject matter experts.
- Strong knowledge of applications, networks and system vulnerabilities and understanding of attacker techniques to exploit these vulnerabilities.
- Experience with cloud environments i.e. Azure and AWS
- Experience with project engagements, using waterfall and agile methodology
TLT is committed to creating a diverse working environment and encourages applications from all suitably qualified people, regardless of any of the characteristics protected by the laws in the locations in which we operate.