Information Security Officer
Would you like to work for a charitable housing organisation that helps to tackle poverty by providing affordable housing in London and Southern England to those who need it?
The Information Security Officer opening will be a challenging role, as part of a growing team & business. You will add significant value by providing support to employees across the organisation. The role requires excellent communication skills, both written and verbal, with the natural ability to network and build effective relationships within the departmental team(s) and with key stakeholders across the organisation.
Purpose of the role:
To promote Information Security (InfoSec) and champion best practices and compliance. You will proactively engage with all areas of the business, building effective, long term partnerships with internal and external stakeholders to enable the business to achieve its objectives. The post supports the bridging into the fields of risk management, regulatory compliance and security, and will develop relationships with all group entities and external agencies to ensure alignment of responses and best practice.
To establish and implement effective working arrangements & practices to ensure a consistent level of service delivery in line with the company business plan.
To monitor and review the internal and external environment to ensure compliance and best practice are adhered to.
To prepare, monitor and deliver individual and team targets/budgets
To externally represent and promote the organisation effectively by creating a consistent, professional and positive image.
To lead and promote a positive health and safety culture in accordance with company policies and procedures.
To assist in developing and maintaining the Information Security programme.
To assist in the maintenance of the Information Security Risk Register by identifying, escalating and driving change to reduce risk.
Lead the delivery of education and awareness training programmes for all staff, to create a positive Information Security culture.
Evaluate the effectiveness of the Information Security training programmes
Establish mechanisms to test the effectiveness and value of the programmes provided, making changes according to user feedback
Assist in driving change to achieve and maintain essential Security and Compliance certifications (e.g. Cyber Essentials+)
Lead the Information Security incident response process (e.g. identification, containment, resolution and lessons learned)
Lead security breach investigations, working with key departments as required (Human Resources, Risk Team - Fraud, Facilities - Physical Security)
Evaluate processes and procedures identified as contributing factors to incidents, make recommendations for improvements to the senior leadership of the affected business unit(s) and drive those improvements through to implementation
To assist with Business Continuity, Emergency Response, and contribute to continuous improvement of physical security standards and delivery.
To assist in managing Information Security vulnerability assessments
To be the trusted adviser regarding innovations in Information Security practices, technologies and demonstrate their value.
- Experience implementing best practice and compliance in Information Security
- An understanding of or practical experience of applicable UK laws, regulations and standards (e.g. Cyber Essentials, PCI-DSS and GDPR)
- Knowledge and experience of Office 365 and/or Azure
- An understanding of IT functions, how Information Security integrates and supports these areas
- Uses initiative - demonstrates a 'can do' approach
- Excellent written and communication skills tailored to desired audience
- A flexible approach to tasks and prepared to assist in matters outside of business as usual scope
- Able to listen to, understand and respond to business requirements, willing to negotiate and influence compromise across conflicting requirements to produce high level and innovative solutions/approaches
- Confident in the use of different communications channels, e.g. blogs, podcasts, online training and social media
- Ability to work with and willing to travel across all support functions in the business and subsidiaries
A relevant undergraduate or postgraduate degree, or industry recognised certification such as CompTIA Security+, CISA, CRISC or CISM, or relevant equivalent work experience.