An experienced Information Assurance Lead is required to support improvement of its Information Security Management System (ISMS), and the development of its broader assurance offering.
The post holder will lead the identification, analysis, prioritisation and control implementation of our non-technical security risks, working closely with our established governance groups.
* Author for approval a number of non-technical information security policies and standards
* Facilitate security risk assessment exercises with business stakeholders
* Record, assess and prioritise identified security risks
* Work in partnership to produce and deliver against risk treatment plans
* Monitor and report on risks and control implementation
* Coach, mentor and knowledge transfer with stakeholders at both decision making and practitioner levels
* Design and implement a security incident management and reporting process
* Develop a security awareness and exercising programme to meet the organisation's needs
* Develop an Audit Plan for our information security management system
* Coordinate and assist in the implementation of our ISMS Audit Plan
* Coordinate and assist in the internal audit of our ISMS
You will also contribute and add value to:
* The improvement and migration of our information security risk register
* The improvement and migration of our information asset register
* The improvement of our supplier due diligence processes
* The development of our wider strategy for an enduring information assurance function
The successful candidate will have a strong understanding of and background in non-technical information security and risk management; the ability to collaborate effectively, orchestrate and deliver is essential.
* Certified Information Systems Security Professional (CISSP) or equivalent
* Certified ISO27001 ISMS Lead Implementer, Lead Auditor or equivalent
Significant and demonstrable experience in the following areas:
* Risk management practice (identification, scoring, prioritisation, etc)
* Information assurance functions
* Aligning security documentation to required recognised standards, including ISO27001
* Leading organisations through significant security certification activities, such as ISO27001
* Building security capability, training and awareness or security exercising programmes
* Designing information security incident management procedures
Fantastic Public Sector client and exciting project opportunity