Information Security Officer - Cape Town Verified

Salary Negotiable Cape Town, Western Cape more than 14 days ago 18-11-2015 4:00:24 PM
16-12-2015 4:00:24 PM

Join a leading IT infrastructure services company as their Information Security Officer, to ensure that the organisation's Information Security Management System (ISMS) is maintained, along with the compliance of staff and of the policies, procedures, guidelines and standards used to support the effectiveness of the ISMS.

Main Duties/Responsibilities

60% Information Security Management System 

  • Maintenance of all ISMS Policies, Procedures and relevant standards and supporting documentation as directed
  • Scheduling and documentation of all ISG Meetings (e.g. Agenda and Minutes)
  • Coordinate the production of all relevant reports and statistical analysis required for Annual ISMS Management Review meetings
  • Maintain and update content of ISMS Action Logs (e.g. Security Incident Log, Security Corrective and Preventative Action Logs, Documentation Reviews)
  • Oversee progress of Action log activities assigned to the scope of the ISMS
  • Maintain the Information Risk Assessment Spreadsheet and Risk Treatment Plan
  • Schedule, monitor and report on Security Awareness Training and Induction Training for all staff within scope of the ISMS

15% Risk Assessment

  • Undertake annual risk assessments within scope of the ISMS based on the documented risk methodology
  • Identify and agree mitigation with teams and stakeholders within the scope of the ISMS as a result of risks identified
  • Identify, document and agree acceptance of risks where appropriate with the risk owner
  • Identify, document and agree transfer or avoidance of risks where appropriate with the risk owner
  • Ensure transfer of mitigation to Action Log and progress actions in an appropriate timeframe

5% Audit Activities

  • Support Audits of Divisional compliance of ISMS Requirements
  • Act as Liaison officer between Division and Corporate Quality Team, Process Integration Team, External Audit Bodies and Customers for all Internal, External and Third-Party Auditing activities.
  • Assess adequacy of Division Operational Security Procedures

10% Project Activities

  • Support Projects that require a security oversight
  • Document Security Compliance Requirements
  • Identify key security risks to Project Governance by providing a documented risk assessment
  • Ensure security risks are monitored and managed throughout the project
  • Be the SME for security governance and compliance
  • Support general security activities as required

10% Physical and Logical Access Control

  • Physical Security Control monitoring, site perimeter monitoring
  • Maintenance and adherence monitoring of access control policies and procedures
  • Facilitation of Staff Vetting Customer Requirements

Critical Success Factors

  • Meticulous attention to detail
  • Ability to work under pressure to strict deadlines
  • Protecting the Security of the company by recognising potential issues
  • Understanding of role and dealing with possible conflicts of interest within the division & customers
  • Ability to work towards team and individual targets
  • Building and maintaining effective working relationships, both internal and external


Knowledge/Skills

  • 2-3 years’ experience in IT Auditing/Assessments
  • Excellent communication skills, both written and verbal
  • Excellent Understanding of ISO27001 and ISO27002 Information Security Standard and Implementation
  • Good working knowledge of Security related legal and regulatory requirements
  • Ability to manage and deliver Projects through to successful conclusion
  • Excellent Knowledge of using Microsoft Office, Visio and MS Project, e.g. Word processing, Spreadsheets, Presentations, flow diagrams and Project Plans
  • IT Corporate Governance Principles
  • Driver's Licence

Desirable Knowledge/Skills

  • Previous experience in the delivery of management systems (Plan, Do, Check, Act)
  • ISO 22301 Business Continuity
  • 3-5 years’ experience in IT Auditing/Security Auditing related role
  • 3rd Party Supplier Evaluation and Compliance experience


Qualifications

  • IT related Diploma/Degree (3 years)
  • ITIL Standards and Practices

Desirable Qualifications

  • COBIT, KING III
  • ISO 27001 Lead Auditor
  • CISM Certification
  • ISO 31000 Risk Management

Recruiter: CompuJobs