£42000 - £44000 per annum
Menna Del Jones
Information Security Officer
£42,000 - £44,000
Reporting directly into the Head of Information Governance, this is an exciting permanent opportunity working for our client in Cardiff. The successful candidate will lead the information security function for the company.
The main purpose of the role is also to provide the necessary assurance that all information held across the business is appropriately risk managed and complies with all applicable legislation, and Information Assurance Standards such as ISO 27001. This includes ensuring that appropriate physical, technical and procedural security is in place.
- Lead in the development / adoption and enforcement of Information Security policies, procedures and standards.
- Act as the subject matter expert to senior stakeholders with regards to Information Security.
- Take day-to-day responsibility for information security on behalf of the Senior Information Risk Owner (SIRO), including making routine risk-based decisions on new and existing IT systems.
- Plan, manage and undertake internal and third party compliance audits on IT governance, information security and appropriate controls.
- Manage risk by performing regular risk assessments and communicate findings to senior stakeholders and board members.
- Manage IT risk by providing advice and guidance for new and existing IT systems to ensure that they comply with organisational security requirements.
- Provide advice and guidance on the physical security requirements needed to protect staff, infrastructure, assets and information, and recommend cost-effective improvements based on threat levels.
- Coordinate the Incident Management process, ensuring appropriate mitigating actions are undertaken by the relevant departments, and ensure that lessons learned are fed back into the appropriate processes for continual improvement.
- Assist Information Asset Owners in embedding information risk management within their day to day business. Specifically this will involve supporting the accuracy and completeness of Information Assets Registers.
- Provide training and awareness on information assurance, ensuring a security culture that is embedded within the business.
- ISEB Certificate in Information Security Management Principles (CISMP)
- Relevant IT certification such as CompTIA Network+, Security+, or Cisco Certified Network Associate (CCNA)
- And/or possession of a Computer Science/IT or other relevant degree, or equivalent.
- ISC2 Certified Information Systems Security Professional (CISSP) qualification.
- ISACA Certified Information Security Manager (CISM) or Certified Information Systems Auditor (CISA)
- Cisco Certified Network Associate (Security)
- 3+ years' experience in a similar role
- Proven compliance experience
- Track record in relationship management
- Experience of the management of Information Security including the establishment of monitoring processes
- Extensive knowledge of ISO/IEC 27001
- Provision of specialist advice, knowledge and opinion on issues relating to physical, procedural, and technical (ICT) aspects of Information Security
- Experience of the development of policies to manage Information Security
- Experience of the development and delivery of training
- Proven influencing skills
- 5+ years' experience in a similar role at Senior Management level
- Experience of designing and delivering training
- People management experience