Your new company

A key government organisation with a strong vision for a better and safer environment for us all. You'll be part of a team that brings together some of the most brilliant minds from around the UK, working across many specialisms - scientific, engineering, safety, operations, commercial, community engagement, and regulatory - to name a few. \"We recognise that our people are our greatest asset. We're committed to providing an environment where you will feel valued and respected\". A brand new position has arisen for an Information Security Advisor

Your new role

The Information Security Advisor will lead individual portfolios which comprise the core services of information's security team. It's a hand-on role that will involve the gathering and analysis of many types of data from technical assessment of security controls, system architecture, conducting audits, through to the analysis of our supply chain.
We develop and strengthen relationships within the business by providing timely, technical and procedural advice and recommendations throughout the system and information asset lifecycles, from concept, operations, archival and through to deletion. Ensuring that key technical partners and business stakeholders are well informed and professionally guided through our technical processes and assessments, translating the technical into the understandable
The role holder will be assigned to a portfolio of work, becoming the point of contact for that portfolio: Improvement & Engagement, Secure by Design, Information Assurance, Information Risk or Cyber Operations. There is the opportunity to change portfolios throughout to aid career development and gain a breadth of experience.

Responsibilities
The role holder will not be expected to complete all these accountabilities, but those relevant to the portfolio of work they are leading:
• Be innovative and engage with business stakeholders to ensure security is built into the design stages of projects.
• Lead for your portfolio along-side Digital and IT teams through delivery of technology and data programmes providing advice and assurance throughout design, implementation and testing.
• Conduct cyber and information risk assessments on new IT and OT (Operational Technology) projects to ensure that information risks are minimised to an acceptable level
• Produce reports for the Chief Information Security Officer (CISO), and Senior Information Risk Owner (SIRO)
• Collate, manage and escalate risks derived from risk assessments into a central risk register, maintain the risk register and generate regular risk reports for the attention of the Chief Information Security Officer
• Manage and perform Information Security assurance activities in accordance with the assurance programme.
• Create, review, monitor and evaluate documents within the Information Security Management System (ISMS) ensuring that it is fit for purpose.
• Ensure the business is in compliance with the Information Security Management System ensuring information assets and technologies are adequately protected.
• Manage and conduct technical testing and assurance as directed by the Information Security Plan
• Manage, plan and conduct information security technical monitoring.
• To regularly liaise with the Managed Service Providers Client Security Manager to obtain the latest security reports and initiate any investigations into them where needed.
Develop and manage robust business continuity plans and cyber incident response plans.
• Working in partnership with duty managers, system owners and the NDA to develop and maintain an effective cyber exercise programme.
• Provide 2nd stage technical initial incident response to information security incidents and factor lessons learnt from incidents into the Information security policies and processes.
• To Organise, facilitate and manage the outcomes from regulatory interventions.
• Promote an information security aware culture across all levels of the business using a variety of methods.
• To work closely with the Data Protection Officer (DPO) in personal data matters.
• To consider Equality Diversity & Inclusion (ED&I) in all conversations and interactions, ensuring you treat all individuals equally, respectfully and in line with business ED&I principles.

Additional Responsibilities

• Complete activities as directed by the CISO or Information Security Principles outside of the assigned portfolio, where business demand requires.

What you'll need to succeed

Knowledge, Skills and Experience

Essential
• Graduate (min 2.1) in relevant discipline or holder of a relevant recognised professional qualification, together with typically more than 3 years relevant experience.
• Must hold 2 relevant professional certifications such as but not limited to:
o ISO 27001 Lead Auditor.
o Certified Incident Handler
o Certified Network Defender
o Certified Ethical Hacker
o Cloud Security Essentials (SANS or equivalent)
o Public Cloud Security (SANS or equivalent)
o Certified Security Risk Manager (CSRM) or Certificate in Risk and Information Control
o ICS/SCADA Security Essentials (SANS or equivalent)
o Equivalents or other relevant certifications will be considered.
• Certificate in Information Security Principles (CISMP)
• Experience of managing and applying procedures and methods relevant to the field together with a full understanding of underlying principles.
• Good written and verbal communication skills.
• Experience of applying management frameworks directly relevant to Information Security such as ISO 27001, HMG Security Policy Framework, Government Security Standard 007, NIST 800-53
• Experience of applying and interpreting security legislation and regulatory objectives and requirements relevant to Information Security e.g. Data Protection Act, Computer Misuse Act and Freedom of Information Act, Nuclear Industry Security Regulations, ONR Security Assessment Principles.
• Experience of applying and managing key concepts such as; threats, threat actors, vulnerabilities, likelihood, business impacts, aggregation, information assets, asset values, risk appetite, risk tolerance etc.

Desirable
• CISSP (Certified Information Systems Security Professional)
• Professional membership or chartership of a relevant organisation.
• Nuclear industry cyber security experience.
• Operation Technology in a regulated industry experience.
What you'll get in return

Competitive salary, package and good pension.
Collaborative working environment and friendly team.
Stable organisation with 5 year growth plans.
Flexible working options available.

What you need to do now
If you're interested in this role, click 'apply now' to forward an up-to-date copy of your CV, or call us now.
If this job isn't quite right for you but you are looking for a new position, please contact us for a confidential discussion on your career.