Title: Information Security Officer (Risk Management)
Company: Health Tech
Location: Home based
We are looking for an Information Security Officers (ISO) to act as a partner, adviser, and authority in the implementation of the organisations risk management framework.
The nature of your workload will vary from assurance and assessment of infrastructure and applications through to advising technical and business colleagues on options for secure systems.
This is both a business facing, and technical role and you will be expected to be able to operate and balance the needs of both.
• Acting as a security subject matter expert supporting service owners in obtaining and maintaining conformance to business risk tolerances.
• Providing briefings to governance boards and key stakeholders on risks to new and existing services.
• Ensuring alignment to appropriate standards and recommending suitable control improvements. Evaluating and raising risks to confidentiality, integrity or availability.
• Advising and guiding business services on maintaining compliance with relevant legislation, i.e. DPA 2018, NHS - Data Security and Protection Toolkit and others.
• Contributing to the implementation and development of supporting policies.
• Maintaining a frequent security partner relationship with specified high value services through their service life.
Experience & Skills:
• The ability to build and maintain strong working relationships with both internal and external stakeholders.
• The ability to analyse disparate or incomplete sources of information and provide value added assessments for use in business contexts.
• Evidence of making good judgements and recommendations to senior stakeholders and management.
• Excellent written and verbal communication skills.
• Ability to demonstrate that you comprehend the value of managing expectations and have a proven track record of doing so.
• A broad knowledge of technologies, including common vulnerabilities and exploits
• A comprehensive knowledge of security controls for modern digital services.
• Familiarity with the NCSC suite of security policy, guidance and standards.
• Experience in using good practice standards such as ISO 27001 (Implementation, Compliance, Certification and audit reviews).
• Experience of undertaking information security in both a waterfall and an agile context.
• Experience of Security Architecture Design.
You will hold one or more of the following qualifications:
• SABSA Chartered Security Architect - Foundation Certificate (SCF).
• Certified Information Systems Security Professional (CISSP).
• Certificated Information Security Manager (CISM).
• CompTIA Advanced Security Practitioner (CASP+).
• ISEB Practitioner Certificate in Information Risk Management.