Information Security Specialist

Information Security Specialist

Based in Stoke

Permanent Opportunity

Salary between £55,000 - £60,000 per annum

up to 1-2 days a week remote

*Please note this role requires Security Clearance

Job Description

The Information Security Manager will play a key role in defining, managing and ensuring the company is compliant with all aspects of IT security. The role will support the delivery of a variety of innovative, accreditable, cost efficient and profitable solutions to comply with the security classification system. These solutions are operated at a variety of company and customer's premises and are the foundation for the Company's secure managed ICT services to public sector customers.

Responsibilities

• Mentor junior members of the security team.

• Lead the security accreditation and assurance processes for new and enhanced services which the company offer to our customers.

• Planning Information Assurance Capability:

• Develop and maintain Information Security Management System (ISMS) to best support the Company's activities, including Risk Management and Accreditation Document Sets and Company Security Policies.

• Examine any risks to the Company's information security and put in place policies to manage those risks.

• Develop, maintain and continually improve a set of controls and measures to manage any threats to information assets.

• Plan and maintain compliance with the variety of security requirements that the Company meets.

• Monitoring Information Assurance

• Coordinate and implement all protective security activities including physical security.

• Accountable for information governance, including annual assessments and risk management.

• Monitor the operation of the Company's Information Security Management System.

Implementing Information Assurance:

• Perform the role of Incident Manager during any security incidents and emergencies, ensuring that all business recovery/contingency plans and/or procedures are actioned accordingly.

• Act as focal point for any investigations involving security; to prepare reports and note follow up action. Report any significant security breaches to the to the Operations Board; undertake full investigation; recommend remedial course of action.

• Manage the Company's Information Security awareness, education and training programme.

• Maintain and develop relationships with appropriate suppliers, including consultants and service providers.

• To be the Company's Security Controller, providing advice as necessary and implementing company security policy.

Qualifications (Essential)

• CISSP/CISA/ CISM desirable or equivalent professional experience.

• Must hold or be able to gain national security clearance to the Developed Vetting level.

• To meet government policy requirements, must be a British national.

Skills and Experience.

• Experience in risk and regulatory frameworks and standards, such as NIST, ISO27001, MOD JSP440, JSP604 (Essential)

• Proven track record in Information Security and Assurance and deploying continuous improvement initiatives. (Essential)

• Initiative and pro-activity, matched by an ability to be a strong member of a team. (Essential)

• Willingness to work flexibly in response to changing organisational requirements. (Essential)

• Solid communications skills - including the ability to influence employee behaviour and perceptions. The best security policies won't be effective without buy-in from all employees; (Essential)

• A keen understanding of technology and the ability to leverage this knowledge to implement effective security solutions (Preferable)

• Experience of managed service environments, with an awareness of ITIL best practice. (Preferable)