£41500.00 - £45877.00 per annum
0161 707 1516
about 2 months ago
The Information Security Officer (ISO) role is accountable to the Security and Safeguards Manager (SSM) for carrying out activities in support of the implementation of Cyber Security, Information Assurance and Physical Security within the client's 3 business entities and to assist with the demonstration of compliance with national and international requirements, and client processes and procedures. The job holder will work closely with and provide support to the Information & Physical Security Manager (IPSM) to ensure that robust and consistent security measures are applied across the site.
The ISO must be able to translate the information risk requirements and challenges/constraints of the client's businesses into technical control requirements and specifications, as well as develop metrics for ongoing performance measurement and reporting. The ISO assists in the coordination of the IT organisation's technical activities to implement and manage security infrastructure. The ISO will carry out any security or business-related activity as directed by the SSM or the IPSM acting on his behalf.
- Demonstrable experience of driving information security improvements
- Experience of audit processes
- Experience of proactive risk management
- Ability to work effectively with business managers, IT engineering and IT operations staff.
- The ability to interact with client personnel, build strong relationships at all levels and across all business units and organisations.
- A strong understanding of the business impact of information security measures.
- Capability to guide company personnel on information security matters and work with minimal supervision.
- Experience working with legal, audit and compliance staff.
- Evidence of maintaining policy, procedures, standards and guidelines.
- Experience in providing security guidance and undertaking assurance reviews of security procedures in a regulated environment.
Technical Skills Required
- Generalist understanding of information security management systems such as ISO27001 or NIST
- The ability to discuss and explain information security concepts in business language and vice versa
- Excellent verbal, written and interpersonal communication skills.
- Strong analytical skills to analyse information security requirements and find a pragmatic balance with business requirements.
- Ideally, working knowledge of applicable national, international and regulatory nuclear information security standards and frameworks (or those of an equivalent industry).
- Good understanding and practical experience in performing risk, business impact, control and vulnerability assessments, and in defining treatment strategies.
- An understanding of IT and network systems and their vulnerabilities and the ability to work with technical specialists to develop solutions.
- Excellent negotiation and influencing skills, with the ability to achieve successful outcomes where some factors are outside our control.
- A relevant degree or information security qualification