Cyber Security Information Assurance

* Fully remote based

* Salary - £45,000 - £55,000

* Must hold SC or DV clearance or be eligible to gain

Key responsibilities:

  • Responsible for information security risk management and reporting

  • Collaborate closely with domain experts and represent SSCL on government and industry forums

  • To assess and manage information risk from external parties engaged by SSCL

  • Responsible for ensuring the implementation and delivery of information security for SSCL and its clients, in line with published strategy, policy, and industry good practice (e.g. NCSC Cloud Security Principles, ISF Standard of Good Practice or ISO/IEC27001)

  • Ensure compliance with relevant legislation, regulations and contractual requirements

  • Work with Information and Operational Security Manager(s) to develop and implement an effective information security awareness programme for SSCL staff and contractors

  • Develop and define security policies, standards, procedures and guidelines in line with industry good practice and certification requirements (e.g. ISO/IEC27001)

  • Define the approach to IT health checks/vulnerability assessments and penetration testing with SSCL and for SSCL's suppliers' services

  • Evaluation and recommendation of security techniques and methodologies to protect SSCL and its supplied services against logical and physical threats

  • Provide assurance to external accreditors, auditors, clients and external organisations of compliance with certificated standards, assurance and accreditation requirements

Required skills

You need to have:

  • Highly qualified security professional who is a security subject matter master and holds a security certification (e.g. CISSP, CISM, CCP, CRISC)

  • Demonstrable ability to lead a team of security experts to deliver enterprise strategies and solutions

  • Strong financial, commercial and leadership skills

  • Takes initiative to keep own skills up to date and to maintain awareness of security industry good practice. Ensures that others do likewise within the Area

  • Ability to tackle problems with an analytical and systematic approach.

  • Experience of implementing information security risk management methodologies, management, and assessments

  • Knowledge of risk assessment methodologies and assessments, penetration testing, vulnerability management, threat management, BCM/DR, patch and virus compliance, cryptography and physical security

  • Personnel management

  • Good interpersonal and influencing skills

It would be great if you had:

  • Familiarity with information security standards such as ISO27001/2; ISF Standard of Good Practice; Payment Card Industry Data Security Standard; Sarbanes Oxley; IT Security architecture (TOGAF and SABSA) and government requirements (HMG SPF), as well as relevant legislation and regulation

  • Relevant CLAS/CCP certification is desirable but not essential. However, the candidate must be able to demonstrate the risk identification and management skills associated with those qualifications