Being responsible for protecting the business against cybercrime, you will be the internal specialist for Information Security, Data Protection and GDPR. You will be tasked with improving the business's security resilience, providing proactive and pragmatic advice to the organisation as its internal information security expert. In this stand-alone role, you will:
- Be responsible for the management and maintenance of the business's systems to ensure continuing ISO 27001 certification, and for managing the associated external continual assessment visits.
- Take a proactive approach to mitigating risk by working with stakeholders to maintain and monitor the internal Information Security Risk Register.
- Engage with stakeholders to implement information security policies and procedures that meet external standards and internal needs of the business.
- Chair, document and coordinate the activities of the Information Security Committee.
- Provide direct training and oversight to all staff, partners and/or other third parties.
- Take the lead in initiating, facilitating and promoting activities that create Information Security awareness and best practice within the organisation, including ongoing awareness and education activities.
- Perform Information Security Risk Assessments and Privacy Impact Assessments for the company.
- Support the wider business on impact assessments, business continuity, disaster recovery and data protection risks.
- Act as an Internal Auditor for Information Security Incident issues and manage the Information Security audit plan, including identifying areas of good practice, areas for improvement and any training needs.
- Be responsible for managing the Information Security Incident Process and ensuring that any mitigation measures are implemented and reviewed.
- Proactively advise the business of current and emerging cyber threats and provide information about Information Security technologies and related regulatory issues.
- Act as the Data Protection Officer, including coordinating and responding to subject access requests.
- Work with external consultants on the implementation of GDPR.
- Be responsible for keeping abreast of current and emerging security threats, technologies and legislative changes.
- Manage the Supplier on-boarding process.
You will be an experienced Information Security professional who can deliver a commercial, pragmatic, effective and risk-based approach to activities that provide appropriate access to, and protect the confidentiality, availability and integrity of, Client, Staff and the company's information. Ideally CISM or CISSP certified, you will be experienced in ISO 27001:2013 and possess knowledge of best practice standards for Information Security and Cyber Security (e.g. Cyber Essentials and Cyber Essentials Plus). In addition you will have:
- Experience in information security management and control, and in collaborating with stakeholders to mitigate risk while delivering business improvements.
- A broad understanding of information security risks, issues and measures, and of providing business-focused solutions.
- Comprehensive knowledge of current security management tools/technologies and the external legislative landscape.
- Experience of data protection and knowledge of GDPR.
- Effective interpersonal, consulting, persuading and negotiation skills across all levels.
- Experience of developing and delivering information security related training programmes.
This role could suit either a seasoned Information Security Manager or an experienced Senior Analyst looking to make the step up.