Cyber Security Information Assurance
-
Job ref:
CCA/1173694/001_1641844638
-
Location:
London
-
Sector:
-
Job type:
-
Salary:
£45000 - £55000 per annum
-
Contact:
Charlie Cameron
-
Email:
-
Published:
over 1 year ago
-
Start date:
ASAP
Cyber Security Information Assurance
* Fully remote based
* Salary - £45,000 - £55,000
* Must hold SC or DV clearance or be eligible to gain
Key responsibilities:
Responsible for information security risk management and reporting
Collaborate closely with domain experts and represent SSCL on government and industry forums
To assess and manage information risk from external parties engaged by SSCL
Responsible for ensuring the implementation and delivery of information security for SSCL and its clients, in line with published strategy, policy, and industry good practice (e.g. NCSC Cloud Security Principles, ISF Standard of Good Practice or ISO/IEC27001)
Ensure compliance with relevant legislation regulations and contractual requirement
Work with Information and Operational Security Manager(s) to develop and implement an effective information security awareness programme for SSCL staff and contractors
Develop and define security policies, standards, procedures and guidelines in line with industry good practice and certification requirements (e.g. ISO/IEC27001)
Define the approach to IT health checks/vulnerability assessments and penetration testing with SSCL and for SSCL's suppliers' services
Evaluation and recommendation of security techniques and methodologies to protect SSCL and its supplied services against logical and physical threats
Provide assurance to external accreditors, auditors, clients and external organisations of compliance with certificated standards, assurance and accreditation requirements
Required skills
You need to have:
Highly qualified security professional who is a security subject matter master and must have a security certification (e.g. CISSP, CISM, CCP,CRISC)
Demonstrable ability to lead a team of security experts to deliver enterprise strategies and solutions
Strong financial, commercial and leadership skills
Takes initiative to keep own skills up to date and to maintain awareness of security industry good practice. Ensures that others do likewise within the Area
Ability to tackle problems with an analytical and systematic approach.
Experience of implementing - information security risk management methodologies, management, and assessments
Knowledge of risk assessment methodologies and assessments, penetration testing, vulnerability management, threat management, BCM/DR, patch and virus compliance, cryptography and physical security
Personnel management
Good interpersonal and influencing skills
It would be great if you had:
Familiarity with information security standards such as ISO27001/2; ISF Standard of Good Practice; Payment Card Industry Data Security Standard; Sarbanes Oxley; IT
Security architecture (TOGAF and SABSA) and government requirements (HMG SPF), as well as relevant legislation and regulation
Relevant CLAS/CCP certification, is a desirable but not essential. However, the candidate must be able to demonstrate the risk identification and management skills associated with those qualifications
