After hiring an Information Security Manager last year, I'm working again with my client as they seek to strengthen their security team with an Information Security specialist. This is an exciting time to join a newly formed function that delivers both technical and governance security to a multinational business. You'll be working directly for the Infosec Manager, becoming their right hand as they develop an immature information security team.
To achieve this you'll be required to implement and manage security policies and processes that will help protect information and assets as well as develop and mature security governance across the group. You will act as a security governance specialist and internal consultant in all security matters. This role supports the security operations activities undertaken by the IT Infrastructure team but is not a technical role.
The role holder is responsible for security governance activities across the group and interacts with local markets globally. Long term there are plans for ISO27001 accreditation, and new information security management system (ISMS) and quality management systems are being implemented.
Remote working is available; however, you will be required to visit their Headquarters in North Yorkshire occasionally.
- Drafting, publishing and managing security policies across the group
- Identifying, assessing and managing Information and IT risks
- Coordinating supplier due diligence activities as part of supplier onboarding and ongoing supplier assurance
- Coordinating security awareness activities with 3rd party suppliers as well as delivering ad-hoc awareness sessions and material
- Producing security metrics and supporting KPI reporting activity
- Supporting the implementation of security frameworks and managing maturity assessments
- Coordinating the response to internal audit activity and performing security audits
- Coordinating the response to and remediation of security-related external audit activity
Key experience required:
- Knowledge of security frameworks such as ISO27001 and NIST CSF
- Policy design and implementation
- Supporting and performing audit activity
- Producing security metrics and reporting security programme performance
- Risk management
Desirable but non-essential criteria:
- Professional security certification(s)
- Experience in the manufacturing sector
- Delivering security awareness
- Security framework certification implementation
- Supplier due diligence
- Managing 3rd party penetration testing activity
Bank or payment details should never be provided when applying for a job. For information on how to stay safe in your job search, visit SAFERjobs.