Cyber / Info Security Strategist/Consultant – Architect – Leeds 674
Salary: £60,000 plus 10% bonus and benefits + free parking
Here we have a brand-new LEAD Information / Cyber Security vacancy, based in Leeds.
Position: Lead Information / Cyber Security Officer
Size of team: 15 FTE's
Main purpose of job:
As a key member of the Information / Cyber Security team, the Lead Information / Cyber Security Officer will be engaged with the business and provide consultative and specialist services to assist and improve its information security posture, ensuring secure business processes and delivering secure services to clients and consumers. You will be the subject matter expert for the business function(s) and will be responsible for ensuring policy is embedded within working practice, risk assessing relevant projects, 3rd parties, and key assets with a preventative risk mindset.
Key responsibilities:
1. Implementation of the Information / Cyber Security strategy and measurement of progress through performance metrics.
2. Contribute to the development of policies, standards, and guidelines and ensure these are embedded within the business.
3. Contribute to the development of awareness and training programmes and assist with delivery to staff and the Information Governance Coordinator community.
4. Provide a preventative risk management service through risk assessing and supporting higher risk projects / initiatives / procurement from the earliest stage.
5. Provide subject matter expertise and guidance to leadership and staff across the group.
6. Ensure information security incidents are reported, managed, and remediated in a timely manner.
7. Ensure exceptions to policy or part of a policy are recorded, assessed, and managed.
8. Support the Sales process for reviewing, assessing, and responding to information security requirements in new contracts.
9. Support client, consumer, and regulatory compliance reviews and activities.
10. Provide regular reporting of the information security status for stakeholders.
11. Contribute to the functional responsibilities of the Information / Cyber Security operation.
12. Any other duties commensurate with the role.
Functional expertise/main job related skills:
1. Enterprise-wide knowledge of Information security, Information governance, Information Security risk management, and Data Protection within the finance business sector.
2. A good understanding of technical security processes, cloud services, and secure software development and testing.
3. Identifying, assessing, reporting, and mitigating information security risks within business processes and personnel engagement, projects, systems, 3rd party and client engagements, and physical / operational environments.
4. The ability to develop and leverage strong relationships with internal and external stakeholders (managers, clients, regulators, and suppliers).
5. A good understanding of agencies and specialist forums to leverage threat landscapes and Information Security best practice (e.g. ENISA, NIST, ISF).
6. Delivering credible engagement with business and technology functions and stakeholders.
7. Effective written and verbal communication (procedure documentation and management reporting).
8. Project Management and problem-solving / troubleshooting (technical and management).
9. Self-motivated and able to work independently without supervision (manage own workload).
10. Collaboration (effective team player).
Required experience:
1. Demonstrable work experience within business-focused Information Security Management System environments.
2. Knowledge of industry standards: ISO 27001; PCI DSS; ISO31000; and ITIL.
3. Ensuring previous compliance to the Data Protection Act 1998 and contributing to the planning and preparation for GDPR.
4. Either a recognised Information Security qualification, or working towards a relevant certification (e.g. CISA, CISM, CISSP, CRISC, ISO 27001 Lead Auditor Certification, and/or Membership of the Institute of Information Security Professionals), or commensurate experience.
5. Outsourcing and Cloud service provision including PaaS, SaaS, IaaS.
6. Understanding of SIEM, IDS/IPS, Vulnerability Scanning/Penetration Testing, Mobile Device Management.
#J-18808-Ljbffr