The Information Security Compliance and Risk Specialist will:
Develop & maintain the MCA’s Information Security Management System (ISMS) and all underpinning documentation, including stakeholder engagement & compliance checks.
Be responsible for the delivery of information security risk management processes, across all asset types, providing risk-based advice & guidance to asset owners across the business and carrying out regular reviews of the MCA’s risk/threat landscape.
Be the coordinator for annual compliance reviews and audits, managing the implementation of remediation action.
Manage the development & delivery of the security training and awareness plan for the business.
For further information about the role and responsibilities, please see the attached role profile.
Person specification
About You
You will need the following experience:
Experience in the development, maintenance and management of policies and processes.
Experience in risk management including communicating risk to technical and non-technical stakeholders, of varying levels, through varying mediums.
Experience in threat analysis including context, identifying existing or emerging threats to assets and using that to inform security decisions.
Strong understanding of a range of security standards/regulations (e.g. ISO 27001, NIST 800, GovS007, UK GDPR etc) across all areas of information security, and how these can be applied to deliver effective/appropriate/proportionate controls across all areas to minimize impacts of security incidents.
Experience of building relationships and influencing stakeholders, working collaboratively and inclusively, sharing information and knowledge to achieve common aims.
Additional Information
This role will be based in the Southampton HQ. MCA supports flexible working and operates a hybrid working model between home and office for this role, giving you greater flexibility over where and when you work.
The expectation is that you will spend a minimum of 60% of your working time based at your principal workplace or out on official business. Details of the arrangement will be discussed further with your line manager.
There may be a requirement for occasional travel on official duty within the UK, which may involve overnight stays. Notice will be given prior to travel.
Digital and Data Profession Pay Framework
This role is part of the Government Security Profession and utilises an enhanced Capability–Based Pay Framework which provides access to a Digital and Data allowance.
The base pay is £42,848. In addition to this, the role includes a Digital and Data allowance of up to £14,552.
The value of allowance awarded will be based on an assessment of your skills and experience as demonstrated through the selection process.
Here are more details on the pay framework.
Proud member of the Disability Confident employer scheme
About Disability Confident
A Disability Confident employer will generally offer an interview to any applicant that declares they have a disability and meets the minimum criteria for the job as defined by the employer. It is important to note that in certain recruitment situations such as high-volume, seasonal and high-peak times, the employer may wish to limit the overall numbers of interviews offered to both disabled people and non-disabled people. For more details please go to Disability Confident.