Information Security Governance, Risk and Controls Officer
£80K salary + benefits + bonus + excellent pension/healthcare/holidays etc.
Reporting to the CISO.
Medium-sized ethical financial services insurance group (member owned). 100% remote role.
Our client is expanding their Information Security group with a wider range of new projects and infrastructure challenges. You will ideally be able to provide expertise in maintaining and supporting IT security strategies, managing overall IT security governance, and running compliance processes.
YOU MUST HAVE previous experience managing ISO27001 and Cyber Essentials audits and ensuring adherence to these standards, plus a wide range of the experience listed below, and be able to ensure effective implementation of IT security controls and processes.
They are an ethical and quality organisation that can provide a wide range of challenges, in a business that is growing and understands the challenges of moving forward with more complex software, applications and new ways of delivering systems.
Some of the key responsibilities in this role:
- Conduct system and process audits to ensure appropriate controls.
- Offer security advice based on best practices to IT or Systems Owners.
- Evaluate and assess risks of new suppliers, software, systems, or technologies.
- Perform penetration testing and analyse IT requirements for best practice security.
- Identify and mitigate network vulnerabilities and monitor for security breaches.
- Stay updated on security and technology developments and research emerging cyber threats.
- Plan and test disaster recovery, business continuity, and create contingency plans.
- Monitor system logs, identity and access management, API security, and software libraries.
- Maintain security systems, conduct security training, and utilise advanced analytic tools.
- Conduct phishing simulations, internal audits, and investigate security alerts.
- Liaise with stakeholders, generate reports, and maintain information security risk register.
- Assist with audits, compliance, and retention of ISO27001, Cyber Essentials Plus, etc.
Managing compliance, quality, and risk:
- Implement internal and external audit requirements and maintain accurate process maps.
- Ensure compliance with ISO27001, Cyber Essentials Plus, Service Management, and internal governance.
Experience and Qualifications:
- At least 3-5 years' experience in Information Security; relevant certifications (CISSP, CEH, CISM, etc.) are nice to have.
- Strong problem-solving skills, an understanding of GDPR, and experience with cloud-based services.
- Must have the right to work in the UK, and be happy to work remotely with office visits when required.