Information Assurance Lead

Talent International
Closing date
23 Jul 2021

Technology & New Media
Information Assurance Lead
6 Months
£400 per day. Outside IR35
Remote for foreseeable. When the risk of COVID infection is eliminated or much reduced, many of the team's activities will take place at our offices in Edinburgh.

An experienced Information Assurance Lead is required to support Registers of Scotland's Risk and Information Governance function in the improvement of its Information Security Management System (ISMS) and the development of its broader assurance offering. The role is required to respond to our development needs around information security governance, policy, practice and culture, responding to the outcomes of audit and other assurance findings, and moving our existing ISO27k-aligned ISMS to a position of 'certification readiness'. The post-holder will lead the identification, analysis, prioritisation and control implementation of our non-technical security risks, working closely with our established governance groups and colleagues across RoS engaged in the wider information security and assurance agenda.
The Risk and Information Governance Service sits within the Corporate Services Directorate and provides risk, compliance and assurance services across our organisation. We are building an increasingly mature information security risk management capability, facilitated in collaboration across our established IT Security and Identity Team, our Risk and Information Governance Team, and wider teams and stakeholder groups engaged in the security agenda (for example our People and Estates functions). Our established governance groups will be a principal client for the post-holder's work, working in consultation with the Head of Risk and Information Governance, the Head of Digital, and the IT Security and Identity Team Lead. The post-holder will work with existing team members and subject matter experts across these areas of responsibility and more widely, to achieve the desired outcomes.
Our organisational objective is to achieve confidence in the effective operation of our ISMS, such that ISO27001 certification at a future point is achievable. You will play a lead role in achieving this, facilitating, influencing and coordinating across our stakeholders. You will add value to our existing practice, identify non-technical security management solutions, and support their delivery.
During the six to twelve months of this contract, completion of the following items of work and objectives is required:

Author for approval a number of non-technical information security policies and standards
Facilitate security risk assessment exercises with business stakeholders
Record, assess and prioritise identified security risks
Work in partnership to produce and deliver against risk treatment plans
Monitor and report on risks and control implementation
Coach, mentor and transfer knowledge to stakeholders at both decision-making and practitioner levels
Design and implement a security incident management and reporting process
Develop a security awareness and exercising programme to meet the organisation's needs
Develop an Audit Plan for our information security management system
Coordinate and assist in the implementation of our ISMS Audit Plan
Coordinate and assist in the internal audit of our ISMS
You will also contribute and add value to:

The improvement and migration of our information security risk register
The improvement and migration of our information asset register
The improvement of our supplier due diligence processes
The development of our wider strategy for an enduring information assurance function
Essential skills
The successful candidate will have a strong understanding of and background in non-technical information security and risk management, but the ability to effectively collaborate, orchestrate and deliver is essential.
Certified Information Systems Security Professional (CISSP) or equivalent
Certified ISO27001 ISMS Lead Implementer, Lead Auditor or equivalent
Significant and demonstrable experience in the following areas:

Risk management practice (identification, scoring, prioritisation, etc)
Information assurance functions
Aligning security documentation to required recognised standards, including ISO27001
Leading organisations through significant security certification activities, such as ISO27001
Building security capability, training and awareness or security exercising programmes
Designing information security incident management procedures
Desirable Skills
Certified Lead Implementer Business Continuity Management Systems or equivalent
A sound background in all areas of Information Security, with an emphasis on:

Audit
Risk
Compliance and Assurance
Business and Process Analysis