Based in Winchester or London. Compliance / Cyber skilled. (PLACED!)
Our customer is seeking an experienced information security professional to join the Legal & Compliance department, sharing duties with the existing Information Security Team and working closely with the IT and Data Protection teams.
Our customer is looking for a range of applications: if you think you have the ability to perform this role but don't have everything listed below, please do apply. They have a good support function in place to help people succeed.
Basic salary range £35-60k, plus pension, discretionary bonus schemes, etc.
The protection of information is of high importance, both the protection of their clients' information and of their own internal information. This role is central to helping them maintain their information security objectives, which in turn:
- Helps to protect client and employee information by complying with an auditable international standard for information security practices.
- Helps to demonstrate that they have evidence of compliance with the GDPR.
- Helps to align where they are with the information security priorities and requirements of current and future clients.
- Demonstrates that they are committed to ongoing improvements to information security processes and strategies.
- Demonstrates that they have practices for identifying and reducing information security risks.
The role is split between:
1) Managing information security risk and maintaining relevant certifications by:
- Organising and managing Information Security Group meetings, ensuring that the Group operates according to its terms of reference and that actions are completed.
- Maintaining the information security risk register.
- Serving as a key member of the Information Security and Data Protection Committee, which reports to the Board, and as a stakeholder in the Cyber Security and Data Protection Working Groups; making recommendations to the Technology Oversight Group and senior IT decision makers.
- Providing information security input into data privacy impact assessments and the Project Management Office.
- Achieving and maintaining external certifications, including ensuring that the company continues to satisfy the requirements of the ISO 27001 and Cyber Essentials certifications, and managing internal audits and external assessments.
- Designing and delivering training on information security and raising awareness of good information security practices.
- Maintaining information security policies, keeping policies up to date and developing new policies as required.
- Acting as a key member of the response team in the event of information security incidents and breaches.
2) Supporting the wider business by:
- Responding to questionnaires and enquiries from clients and prospects on information security standards.
- Reviewing information security requirements of clients and, if required, attending calls/meetings with clients and their information security teams.
- Maintaining external documentation on information security practices to provide to clients and assist with tender responses.
- Supporting the business with business continuity and disaster recovery procedures, including responding to client queries on practices and testing of business continuity plans.
- Reviewing the information security practices of suppliers to the company and developing information security due diligence procedures on suppliers.
Skills and experience sought:
- Practical experience working in the field of information security, whether as part of a dedicated information security team or within an IT or compliance role.
- Strong business acumen.
- Ability to take a commercial and practical approach.
- Ability to work as part of a team and good interpersonal skills.
- Ability to work on own initiative and prioritise workload.
- Excellent communication skills.
- Ability to maintain a high standard of professionalism at all times.
- Flexibility in the tasks and hours covered, and willingness to travel and work from other offices (NB: travel expenses are paid where working from alternative offices).