£41,500 - £45,877
The Information Security Officer (ISO) role is accountable to the Security and Safeguards Manager (SSM) for carrying out activities in support of the implementation of Cyber Security, Information Assurance and Physical Security, and for assisting with the demonstration of compliance with national and international requirements and all internal processes and procedures. The job holder will work closely with and provide support to the Information & Physical Security Manager (IPSM) to ensure that robust and consistent security measures are applied across the site. The ISO must be able to translate the information risk requirements and the challenges/constraints of the businesses located at Capenhurst into technical control requirements and specifications, as well as develop metrics for ongoing performance measurement and reporting. The ISO assists in the coordination of the IT organisation's technical activities to implement and manage security infrastructure. The ISO will carry out any security or business-related activity as directed by the SSM or the IPSM acting on his behalf.
• The ISO supports the implementation of the security regime that ensures the protection of the Capenhurst Site, aligned to the Group Information Security Strategy. In particular, the ISO is responsible for ensuring the protection of sensitive information (in both electronic and hardcopy formats), ensuring all IT/OT systems have adequate security to prevent unauthorised access and to protect data at rest, and developing reports in conjunction with the IPSM to share with all relevant stakeholders on the efficiency of security policies and to recommend any changes. The ISO also provides security advice to projects undertaking work that might create or expose vulnerabilities in IT or OT systems.
• Responsible for carrying out assurance checks of Sensitive Information, to ensure that documents are accounted for, appropriately handled and stored.
• Responsible for supporting the Information Security internal assurance regime and supporting processes. Tracking of Information Security internal and regulatory actions, including those arising from regulatory exchanges, ensuring that actions are fulfilled and timely responses are provided.
• Coordinate effective reporting of security events.
• Assist the IPSM with the delivery of a security culture for Information/Physical security which is fully aligned with the business process, relevant aspects of safety/security and risk management, and regulatory requirements. Working with the Group InfoSec team, the ISO is responsible for delivering Capenhurst information security communications, awareness and training activities, ensuring that these are aligned to internal and government policy and standards.
• Responsible for auditing Security in the Company’s supply chain regarding requirements and classified contracts. This includes inspections / due diligence checks of third parties and management and/or production of Security Aspects Letters.
• Production of security documentation in support of the security function, as directed by the IPSM.
• The ISO will carry out any security or business-related activity as directed by the IPSM.
• A relevant degree or information security qualification
• Demonstrable experience of driving information security improvements
• Experience of audit processes
• Experience of proactive risk management
• Ability to work effectively with business managers, IT engineering and IT operations staff.
• The ability to build strong relationships at all levels and across all business units and organisations.
• A strong understanding of the business impact of information security measures.
• Capability to guide company personnel on information security matters and work with minimal supervision.
• Experience working with legal, audit and compliance staff.
• Evidence of maintaining policy, procedures, standards and guidelines.
• Experience in providing security guidance and undertaking assurance reviews of security procedures in a regulated environment.
Specific know-how and technical skills
• Generalist understanding of information security management systems and frameworks such as ISO 27001 or NIST
• The ability to discuss and explain information security concepts in business language and vice versa
• Excellent verbal, written and interpersonal communication skills.
• Strong analytical skills to analyse information security requirements and find a pragmatic balance with business requirements.
• Ideally, working knowledge of applicable national, international and regulatory information security standards and frameworks (or an equivalent industry).
• Good understanding and practical experience in performing risk, business impact, control and vulnerability assessments, and in defining treatment strategies.
• An understanding of IT and network systems and their vulnerabilities and the ability to work with technical specialists to develop solutions.
• Excellent negotiation and influencing skills, with the ability to achieve successful outcomes where some factors are outside our control