Information Security Specialist
Reporting to the Group Data Protection & Information Security Manager, this key role must understand the business environment, develop solutions to develop their security culture, and help the team to deliver best practice Information Security and Data Protection controls across the group.
The purpose of the role will be to support the development, implementation and management of Information Security and Data Protection solutions and services, including Awareness and Training, Data Loss Prevention, IT Security Reviews, and managing their response to Security Incidents and Data Breaches. Working on a team of IT security professionals and working closely with technical IT teams as well as stakeholders across the business, this role will assist in the development and implementation of policies, standards, processes, and procedures to drive compliance to best practices, including the NIST Framework, ISO27001, and GDPR, ensuring that these practices deliver a class-leading control environment.
The successful candidate will deputise for the Group Data Protection & Information Security Manager in managing information security and data breach incidents across the business. The role also includes delivering key projects in their Information Security strategy, supported by our IT Security PMO.
This is a Permanent position reporting to the Group Data Protection & Information Security Manager. This role will be appointed on a personal contract basis.
- Support the development of our Information Security Management System (ISMS) to help ensure delivery of their IT Security Strategy to support business goals while minimising IT, legal and regulatory compliance risks.
- Manage Information Security and Privacy Awareness by developing and delivering training and awareness campaigns to ensure that the organisation is engaged and aware - actively measure awareness activity.
- Support the Group Data Protection & Information Security Manager by assuming the role of Incident Manager as required, and ensure that procedures are adhered to, incidents are managed appropriately and consistently, and are reported in a timely manner.
- Deliver technical IT Security controls reviews and tests to monitor and maintain compliance with Information Security policies, corporate processes, and IT related regulation policies and standards, tracking remedial actions to completion.
- Support IT Architecture in implementing their Security by Design policy, managing projects, delivering controls reviews, including reporting and mitigation management.
- Support the Data Protection Officer in implementing our Privacy by Design principles, managing, and supporting Records of Processing Activities.
- Manage our IT and Cyber Security Risk profile - assess, evaluate, and document IT Risk on an ongoing basis so that IT Management are aware of the IT Risk profile, highlighting changes in risk profile.
- Work closely with IT and business stakeholders to develop Data Loss Prevention and Cloud App Security strategy and support stakeholders in implementing an integrated approach encompassing access procedures for on-premises and cloud-based systems, serving the needs of diverse groups of users across multiple locations.
KNOWLEDGE, SKILLS, AND EXPERIENCE:
- At least 7 years' experience in IT and / or IT Security, with at least 3 years in a technical IT role - preferably with exposure to a range of IT roles, including some or all of the following: IT administration, systems implementation, project management etc.
- Honours Bachelor's Degree and/or Master's Degree or equivalent in IT or related areas.
- Experience of leading or supporting Data Protection compliance and governance desirable but not required.
- Exposure to working in a dynamic and demanding environment, both technical and business, delivering 24/7/365 services to customers.
- Knowledge of systems implementation and management, including configuration of access controls, security settings, patching, change management etc.
- IT and Cyber Security technologies and capabilities - incident response, threat assessment, malware handling and containment, analysing and investigating Indicators of Compromise (IoCs).
- Exposure to some or all of the following: malware protection, firewalls and IDS / IPS, systems administration, client Operating Systems knowledge; Virtualization experience; Vulnerability Management, Security Information and Event Management tools.
- Knowledge of risk management, developing, implementing, and tracking mitigation and remediation actions.
- Experience in developing security awareness and training programmes across diverse channels in a challenging and busy environment.
- Project management and delivery of new systems and services, including exposure to procurement processes.
- Communications and presentation skills - stakeholder management and communications, with ability to write reports and presentations and experience delivering to both technical and non-technical audiences.
- Committed to the company's values.