Information Security Officer
- Do you know your blue team from your red team?
- Do you know your information security ISOs?
- Do you enthuse in designing training to make sure people keep their information safe?
- Can you train people about Information Security, from the senior managers through to junior new starts?
- Can you maintain and manage Information Security risk registers?
If you can answer yes to all of the above, then I have just the opportunity for you.
The opportunity is within a Finance organisation’s Information and Cybersecurity team (IST). The Information Security Team, led by the Information Security Manager (ISM), is a service provided across all business functions and services, and sits within the risk management function, known as First Line Risk (FLR).
You will be joining the team at an exciting time. This is an opportunity to influence and shape things that you will own. The IST is developing a solid foundation in information and cybersecurity, including the design, development, implementation, and continuous improvement of an Information Security Management System (ISMS) aligned to the International standard, ISO/IEC 27001:2013/COR 2:2015. Alongside this will be the development and implementation of the information security risk management framework.
One of the key areas of the role will be to work closely with the Learning and Development (L&D) team to build and deliver an information and cybersecurity training programme, elementary to advanced, across all levels of the company, and to develop with the IST Blue Team, Communications, and L&D ongoing awareness campaigns for all company employees and customers.
Consistent with the fast pace of change in the company, you will work closely with the ISM, deputising on their behalf when required, to ensure that transformational change projects (digital and/or digitised) include information and cybersecurity needs from the outset, with sound security patterns delivered through information assurance architecture.
This is a new and exciting role in a fast-developing Information Security Team.
- Work with the ISM and Project Manager to implement the Information Security Management System (ISMS) to the requirements of ISO/IEC 27001:2013/COR 2:2015.
- Liaise with the business on policy and process (procedure) development.
- Work with the ISM and 1st Line Risk to implement Information Security Risk Management.
- Liaise with the business asset and risk owners.
- Work with the ISM and Learning and Development (L&D) to:
  - Communicate the objectives of an ISMS across all levels of the business.
  - Deliver information security training across all levels of the business.
- Work with the ISM, Blue Team and L&D to develop awareness campaigns.
- Support the Blue Team learning and skills development.
- Act as a point of contact for the Blue Team / business during on-going incidents.
- Act as an escalation point for the Blue Team.
- Coordinate and collate all Information Security Team metrics.
- Liaise with Internal Audit to coordinate internal assessment / audit schedules, manage outcomes from assessments (non-conformities / non-compliance), work with the ISM / Blue Team / Business to determine root cause and develop remediation plans.
- Track changes in legislation / regulation and communicate changes as required.
- Monitor external SLAs and internal OLAs to ensure compliance with requirements relevant to information and cybersecurity policy.
The list below of Experience, Knowledge and Qualifications has been labelled as Essential or Desirable. Whilst you may still be a credible candidate if you come up short on a couple of “Essentials”, please do only apply if you can tick most of them. For the “Desirables”, the more you have, the better you will fit the role, but not having them does not mean you shouldn’t apply for the role.
- Demonstrable experience in implementation of an ISMS to the International standard (Essential)
- Demonstrable experience in information security risk management (Essential)
- Demonstrable experience in designing, developing, and delivering information and cybersecurity training across all levels of a business (Essential)
- Demonstrable knowledge of the ISO/IEC 27xxx family of documents (standards, codes of practice, guidelines) (Essential)
- Demonstrable knowledge of ISO 31000:2018 and ISO/IEC 27005:2018 (Essential)
- Demonstrable knowledge of information security risk management software tools (Desirable)
- Demonstrable knowledge of NIST Cybersecurity Framework (CSF) and NIST SP800-53r5 control frameworks (Essential)
- Demonstrable knowledge of legal and regulatory frameworks (UK-GDPR, EU-GDPR, PECR, CMA90 with amendments, Financial Services regulations) (Essential)
- Demonstrable knowledge of 1st, 2nd, and 3rd party audits (Desirable)
- Demonstrable knowledge of the activities required of Blue Teams, Red Teams, Pen Testing, Vulnerability Assessments (Essential)
- Demonstrable knowledge of Architectural frameworks (Enterprise – Zachman or similar; Security – SABSA or similar) (Desirable)
- Must be able to interface and coordinate work effectively demonstrating strong project management skills (Essential)
- Excellent written and verbal communications skills as appropriate for the needs of the audience (Essential)
- Detailed knowledge of the workings of similar Financial Services organisations (Essential)
- Excellent organisational skills: ability to balance priorities to meet multiple deadlines (Essential)
- Team-oriented self-starter, with a high degree of initiative coupled with the ability to work independently (Essential)
- Ability to function in a high paced environment to meet high pressure deadlines (Essential)
- Ability to build and maintain strong working relationships (Essential)
- ISO/IEC 27001 Lead Auditor (IRCA or similar) or Lead Implementer (Essential)
- PGCE or Cert.Ed. (Adult, Higher education) (Essential)
- ISC2 SSCP (Desirable)
- Security+ (Desirable)
- Network+ (Desirable)
- Security / Information Assurance Architecture, SABSA, BCS PCiIAA or similar (Desirable)
Well, apart from the obvious great role to get your teeth into, my client is a company that cares about both its employees and the community. They build great careers for their employees whilst being considerate of family commitments and working patterns, and they also play an active role in the community, with each employee being given the opportunity to work one day a year for a charity. They care!
The package surrounding the role is pretty good too:
- Competitive salary
- 24 days annual leave plus 8 public holidays
- Company pension scheme (5% employee, 7% employer)
- Healthcare and life cover
- One paid charity day per year
- Collaborative, supportive organisation committed to developing full potential.
- Industry recognised qualifications (if applicable)
- Excellent opportunity for career progression based on delivery, output and alignment to the business values.
- Access to Mental Health First Aiders and an extensive Employee Assistance Programme
- This position is considered full time, but family-friendly hours are possible. Job share will also be considered.
Currently, due to Covid, the role is fully remote; however, upon a return to normal working conditions, the successful candidate must be within an easy commute of the office for 2-3 days of the week.
Apply or get in touch for an informal discussion around the role.