Information Security Officer
My client, an international insurance provider, is currently looking for a permanent Information Security Officer to join their team. This role can be based at their Surrey or Berkshire site. You will sit in a team of three in the UK, facing out to the wider international teams. This is an extremely exciting time to join the business as they are going through a huge technology transformation. This is a diverse role where you can work across multiple areas of information security. You will have the autonomy to run projects, as well as facing out to multiple third parties and stakeholders. If you are looking for a role within an organisation that recognises the importance of security, and has the level of investment it needs in this area of the business, then please get in touch for more details.
- To take ownership and responsibility for aspects of the overall service, working pro-actively to prioritise multiple deliverables, meet deadlines, and identify and formulate process and documentation enhancements.
- Contributes to the development and maintenance of the organisation's information security policies.
- Third party supplier assurance.
- Engages with projects and initiatives across the business to provide specialist information security advice, input and review during the full lifecycle. Works collaboratively including with Agile teams, Architects and the Information Security Manager to embed a risk-based approach and ensure security requirements are identified and implemented appropriately.
- Works closely with multiple stakeholders throughout the organisation to ensure that security is at the forefront of all business processes.
- Contributes to Supplier Security oversight, including initial security assessments, assessments throughout the relationship and incident management of any Information Security incidents should they occur.
- Contributes to the delivery of specialist security education and training to management and staff.
- Assists in governing the policies for security tools.
- Participates in local and corporate incident response processes and resolution management.
- Produces appropriate and practical performance measures as required, to ensure that information assurance priorities set by the business can be effectively monitored.
- Provides a high level of consultation on incoming information security requests from across the organisation.
- Maintains a strong understanding of developments in security threats, new technology and the associated security controls.
Required Knowledge and Skills:
- Strong consultative and communication skills, with the ability to influence key stakeholders towards the adoption of good Information Security practice.
- Strong knowledge of technical security controls, threats and vulnerabilities and current IT and security best practice approaches and frameworks (ISO27001/2, SSAE16, ITIL, NIST Cybersecurity Framework).
- Ability to analyse Information Security risks and understand complex business processes quickly.
- Strong knowledge of current information security & legislative standards and regulations such as PCI-DSS & data protection.
- Experience in project management principles - SCRUM, Prince, etc.