This role will provide leadership and guidance on all information security compliance aspects of the Information Security Management System (ISMS) and on maintaining security standards such as PCI-DSS, ISO27001 and Cyber Essentials. You will maintain and continually improve the way in which our information is controlled. You will enable the business to operate securely and ensure that the impact of security incidents is minimised.
- Implementation & Maintenance of our Information Security Management System (ISMS)
- Development and maintenance of appropriate policies
- Advising on Information Security Compliance for colleagues and suppliers
- Conduct auditing and controls effectiveness reviews
- Managing 3rd party security audits and associated findings
- Appropriate handling and management of security incidents, problems, and changes
- Conducting risk assessments and maintaining the IT Security Risk Register
- Assurance of all key supplier risk activities
- Provide appropriate reporting and management information
- Supporting effective information security awareness to the organisation
- Represent IT Security at Data Governance Team Meetings
- Represent the values of the business (HSSness) and portray a professional and business-like image to all customers, potential customers, and other people you meet in the course of your work
- Be a key driver in serious about safety by leading from the front.
- Carry out other tasks and duties as required
- Broad understanding of technology and security controls
- Incident co-ordination and investigation
- Risk analysis and risk mitigation methodology (ISO27005)
- Auditing and compliance measurement
- Document development (Policies, Standards, Procedures, Guidelines)
- At least 3 years' experience in information security
- Experience of ISO27001/ISMS implementation or audit is essential
- A general understanding of IT Security, in terms of both Security Architecture and Information Assurance.
- Certified ISO/IEC 27001:2013 implementer or auditor preferable
- Communication skills - being able to effectively communicate (verbal and written)
- Analytical skills - being able to quickly analyse situations and make appropriate decisions
- Personal networking skills - being able to quickly gain the confidence of other people and sustain trust
- Security risk awareness - being aware of security risks and threats and being able to explain those threats to non-IT people in simple terms
Equality and Diversity
HSS Hire is committed to equality of opportunity.