£55000 - £60000 per annum
Information Security Specialist
Based in Stoke
Salary between £55,000 - £60,000 per annum
up to 1-2 days a week remote
*Please note this role requires Security Clearance
The Information Security Manager will play a key role in defining, managing and ensuring the company is compliant with all aspects of IT security. The role will support the delivery of a variety of innovative, accreditable, cost-efficient and profitable solutions to comply with the security classification system. These solutions are operated at a variety of company and customer premises and are the foundation for the Company's secure managed ICT services to public sector customers.
Mentor junior members of the security team.
Lead the security accreditation and assurance processes for new and enhanced services which the company offers to our customers.
Planning Information Assurance Capability:
Develop and maintain Information Security Management System (ISMS) to best support the Company's activities, including Risk Management and Accreditation Document Sets and Company Security Policies.
Examine any risks to the Company's information security and put in place policies to manage those risks.
Develop, maintain and continually improve a set of controls and measures to manage any threats to information assets.
Plan and maintain compliance with the variety of security requirements that the Company meets.
Monitoring Information Assurance:
Coordinate and implement all protective security activities including physical security.
Accountable for information governance, including annual assessments and risk management.
Monitor the operation of the Company's Information Security Management System.
Implementing Information Assurance:
Perform the role of Incident Manager during any security incidents and emergencies, ensuring that all business recovery/contingency plans and/or procedures are actioned accordingly.
Act as focal point for any investigations involving security; prepare reports and note follow-up action. Report any significant security breaches to the Operations Board; undertake full investigation; recommend remedial course of action.
Manage the Company's Information Security awareness, education and training programme.
Maintain and develop relationships with appropriate suppliers, including consultants and service providers.
To be the Company's Security Controller, providing advice as necessary and implementing company security policy.
CISSP/CISA/CISM desirable or equivalent professional experience.
Must hold or be able to gain national security clearance to the Developed Vetting level.
To meet government policy requirements, must be a British national.
Skills and Experience:
Experience in risk and regulatory frameworks and standards, such as NIST, ISO27001, MOD JSP440, JSP604 (Essential)
Proven track record in Information Security and Assurance and deploying continuous improvement initiatives. (Essential)
Initiative and pro-activity, matched by an ability to be a strong member of a team. (Essential)
Willingness to work flexibly in response to changing organisational requirements. (Essential)
Solid communication skills, including the ability to influence employee behaviour and perceptions. The best security policies won't be effective without buy-in from all employees. (Essential)
A keen understanding of technology and the ability to leverage this knowledge to implement effective security solutions (Preferable)
Experience of managed service environments, with an awareness of ITIL best practice. (Preferable)