Information Security Consultant - West Midlands


Premium Job From BCT Resourcing

Recruiter: BCT Resourcing

Listed on: 12th December 2019

Location: Birmingham

Salary/Rate: £55000 - £60000

Type: Permanent

Start Date: 2019-12-12


Information Security Consultant (Compliance)

West Midlands

£55000 - £60000 per annum

The Information Security Consultant will lead on the development, implementation and maintenance of a Group level information security management system and supporting policy framework. They will assume responsibility for the delivery of Group security governance and risk management, including compliance requirements arising from the execution of the information security strategy.

You will be required to create information security policies, implement a framework to manage information security risk, design and deliver end-user security training, and undertake reviews of information security across the Group, as well as security reviews of new technology implementations delivered as part of a wider IT transformation programme.

Responsibilities:

* Coordinate the implementation of information security policies and procedures across the Group.

* Operate the policy exemption process and manage local variances in accordance with perceived levels of risk.

* Deliver information security audits to assess the status of information security across the Group.

* Track activities required to achieve compliance against policies, applicable regulations and internal / external audit findings.

* Implement and maintain the information risk management framework including risk assessment methodology and templates.

* Deliver the information security education and awareness programme aligned to business requirements and commercial best practice.

* Create and distribute information security communications, including articles, alerts and hot topic information.

* Coordinate the activities of internal / external resources employed to assist with information security compliance activities.

* Assist with the management of security incidents.

* Liaise with the relevant parts of the Interserve administration, including Legal, Facilities and HR, as required.

* Review proposed IT changes at Change Advisory Board to ensure conformance with Group policies and protection of information assets.

Key accountabilities

* Development of a Group-level Information Security Management System, aligned with the requirements of ISO27001 and the ISF's Standard of Good Practice.

* Implementation and maintenance of an information security policy framework (policy, standards and guidelines), reflective of statutory, regulatory and contractual security requirements.

* Coordination of information security compliance activities that serve to protect Interserve's information assets and information systems, including security controls implemented at Group level.

* Maintenance of the Group's information risk register consisting of assets, threats and vulnerabilities, including likelihood and impact, providing information to Divisions as required.

Experience:

* An understanding of Governance, Risk and Compliance and its application within a large, complex organization.

* Minimum of 3 years' demonstrable experience in information security, with a focus on management systems, policies, standards, architecture and technologies.

* Understanding of defence-in-depth principles.

* Solid understanding of information security risk management including risk analysis, mitigation, resolution and acceptance.

* Experience of establishing and maintaining an Information Security Management System in a large, complex environment.

* Proven track record of supporting the development of information security policies which are easily understood, effective and economical to implement.

* Thorough understanding of security technologies and associated functionality.

* Demonstrable experience in assessing and managing information security risk in a complex environment.

* Demonstrable experience in delivering information security training and awareness activities to a diverse range of stakeholders.

Desirable but not essential:

* Understanding of HMG SPF, JSP440, GPGs, List-X Notices.

* A sound knowledge of leading-edge risk management processes and technologies, including IRAM1 / 2.
