Our client, based in Hampton Wick, Kingston (offering hybrid working), is looking to recruit a part-time (25 hours per week) Information Security Officer. If you can fulfil the criteria below, please apply today for this great part-time opportunity!
Purpose of the Role:
Manages the information security management system (ISMS) and chairs the Information Security Steering Group (ISSG) Meeting and the Information Security Management Meeting. Reports to the COO (or another board-level executive) on information security, who in turn provides concurrence at board level. Ensures that policies and standards are kept up to date and schedules information security audits. Through management processes, ensures ongoing compliance with the ISO 27001:2017 information governance requirements. Assists with the maintenance and improvement of Reveal’s ISO 27001:2017 ISMS, Cyber Essentials and Cyber Essentials Plus certifications for the UK, German and US offices. Liaises with the Information Asset Owners on matters of information security.
Responsibilities – Information Security Officer (ISO)
- Assisting with the maintenance and improvement of the organisation’s ISO 27001:2017 ISMS for the UK office.
- Assisting in implementing, maintaining and improving the organisation’s ISO 27001:2017 ISMS for the German office.
- Assisting with the maintenance and improvement of the organisation’s Cyber Essentials and Cyber Essentials Plus certifications for the UK, US and German offices.
- The ISO will chair the Information Security Management Meeting and ensure that the meeting minutes are prepared, and the actions raised are recorded in the Management Action Log.
- The ISO will chair the Information Security Steering Group (ISSG) Meeting and ensure that the meeting minutes are prepared, and the actions raised are recorded in the Continual Improvement (CI) Log.
- The ISO will co-ordinate the annual review of the ISO 27001 documents with the relevant stakeholders.
- The ISO is to maintain and improve the Information Security Risk Register and Risk Treatment Plan, and to track the remediation of the risks recorded there, in liaison with the Information Asset Owners.
- The ISO is to update the measurement statistics in the Information Security Objectives and Measurements document monthly.
- The ISO is to project manage the actions raised in the CI Log, the Management Action Log and the Information Security Risk Register and Risk Treatment Plan.
- To contribute to the development and maintenance of an Information Security Policy for the organisation in liaison with the Information Security Steering Group (ISSG).
- To monitor compliance with the Information Security Policy throughout the organisation and to develop and maintain procedures for effective security.
- To advise on the allocation of information security responsibilities.
- To arrange and / or provide information security education and training.
- To develop and monitor a formal procedure for reporting and investigating information security incidents.
- To contribute to the business continuity planning process.
- To advise on the control and monitoring of copying of proprietary software.
- To advise on and monitor the safeguarding of organisational records.
- To schedule and plan internal information security audits.
- To review and appraise the soundness, adequacy and application of security and other controls for the protection of information in accordance with the Statement of Applicability and Annex A of ISO 27001.
- To ascertain the extent to which information collected, held and/or used in the organisation is properly controlled and safeguarded from loss of confidentiality, integrity, or availability from any cause.
- To identify and test the controls and, where appropriate, to suggest additional controls, which may be established to maintain the confidentiality, integrity, and availability of information.
- To bring to the attention of the ISSG and / or COO as appropriate any matters which are considered to be potential risk factors to the proper safeguarding of information within the organisation.
- To own and drive the ongoing Information Security Steering Group (ISSG) so that it delivers the continual improvement required by the ISO 27001 standard, in accordance with the published Terms of Reference for the group.
- To ensure that adequate monitoring of application, operating system and network infrastructure logs is in place so that these can be reviewed by the ISO at regular intervals.
- The ISO is authorised to have access to all the organisation’s systems for the purpose of assessing the security of those systems. The ISO may expect the co-operation of all staff in carrying out these duties including access to systems and records, and the provision of information and explanations. In the event of co-operation not being forthcoming the ISO will be expected to report to the ISSG or COO accordingly.
Qualifications, Skills and Experience:
- Excellent organisational skills to plan and use people and resources to ensure deadlines are met.
- Ability to self-organise and prioritise as required.
- Ability to communicate effectively.
- ISO 27001 qualification.
- Minimum of 2 years’ experience as an Information Security Officer.
- The ability to use initiative and make decisions under pressure.