Information Security and Assurance Advisor
Leek Wootton
Permanent opportunity
JOB PURPOSE: To provide professional guidance and specialist advice regarding information assurance, security, and risk matters. The role involves ensuring the implementation of all necessary policies, procedures, and processes to achieve compliance with national codes of connection and standards.
Key responsibilities include maintaining the organization's Information Security Incident Register, managing and coordinating the investigation of reported incidents, and recommending corrective measures to prevent recurrence. The role also includes supporting departments with data protection impact assessments and offering data protection advice and guidance.
MAIN RESPONSIBILITIES:
1. Support the organization's Information Security and Assurance program to ensure appropriate assurance and compliance processes meet mandatory requirements and national standards.
2. Develop, review, and implement policies and best practices for managing and maintaining information and cyber security.
3. Implement processes to assess information assets for compliance with security policies, best practice standards, and legal and regulatory requirements.
4. Act as a point of contact for information security and assurance queries.
5. Ensure audits and compliance checks are conducted to verify physical and data security protection of all systems and assets.
6. Identify security and assurance requirements for new or updated processes and work with relevant stakeholders to ensure appropriate documentation.
7. Coordinate investigations and reporting of all actual and suspected security incidents, recommending actions to prevent recurrence and analysing trends for organizational learning.
8. Deliver training, education, and awareness programs on information security and risks.
9. Engage with key stakeholders, including partner agencies and third-party suppliers, to ensure compliance with legal and regulatory standards.
10. Stay informed about current legislation, standards, and practices in information security and data protection, fostering an environment of continuous improvement.
11. Represent the organization professionally in internal and external meetings, fostering constructive partnerships and collaborations.
12. Undertake other duties commensurate with the post's nature, level, and responsibility.
SPECIAL CONDITIONS:
* Regular travel may be required.
* Security clearance level: MV.
PERSON SPECIFICATION
Knowledge:
* A-levels or equivalent qualification.
* Recognized information security or data protection qualification (eg, CISM, ISEB Certificate, CESG Certified Professional).
* Practical knowledge of current Information Security Management standards and best practices (eg, ISO 27001).
* Practical knowledge of current data protection legislation and associated standards.
* Understanding of technical, human resource, procurement, project, and physical security considerations impacting information security.
Desirable:
* Familiarity with national information assurance conditions and standards.
* Experience with third-party security audits.
Experience:
* Proven experience in delivering operational information security in a multi-site organization.
* Experience ensuring compliance with accreditation requirements.
* Development and implementation of information security policies and procedures.
* Conducting internal audits and facilitating accreditation activities.
* Leading and facilitating meetings with internal and external stakeholders.
* Liaising with external organizations and agencies on security matters.
Key Skills:
* Ability to meet tight deadlines and respond to evolving demands.
* Skilled in influencing behaviors and outcomes using data-driven insights.
* Strong interpersonal and communication skills, with the ability to explain complex issues clearly.
* Proficiency in managing sensitive inquiries and maintaining secure material.