Information Security Officer

Full Time

Edward Reed Recruitment are searching for an Information Security Officer to join our client based in Warrington. Our client has extensive experience in offshore and onshore facilities, specialising in asset management services throughout all life cycle phases: consulting, engineering, manufacturing, assembly, operations, maintenance and decommissioning.

The Information Security Officer will have primary responsibility for the management and implementation of information and data security policies and procedures in accordance with externally verified ISO 27001:2013 requirements and other third-party accreditation schemes.

Duties & Responsibilities

  • To oversee the effective implementation and maintenance of the Information Security Management System in accordance with the requirements of ISO 27001:2013
  • To ensure policies, processes and procedures are aligned with best practices and kept up to date
  • Organisation and liaison with external accreditation bodies to manage certification schemes, recertification and periodic audit programmes for ISO 27001 & other applicable industry standards in relation to information/data security
  • Maintain risk and opportunity matrices in relation to information security
  • Maintain (in liaison with the Legal Department) a legislation register in relation to information security
  • To manage and chair Information Security Steering Group meetings
  • Engage with the various information/data owners on matters of security and compliance, and influence improvement where required
  • Collaboration with the appropriate discipline heads, specifically the IT Department, to support ongoing compliance with Cyber Essentials and Cyber Essentials Plus, ensuring alignment with ISO 27001 compliance where applicable
  • Conducting internal and external audits to verify ongoing compliance
  • Supporting the QA/QC Manager to incorporate information security requirements within the annual audit programme
  • To monitor compliance with information and data security requirements and notify senior management of potential deviations, areas of vulnerability or non-compliance
  • Assist the IT Department with penetration testing (where required) to help determine potential flaws/threats
  • Educating and training colleagues on information security and best practice in a manner that is understandable by the wider organisation, and identification of training needs where applicable
  • Maintaining up to date knowledge of developments in security standards, threats and best practice
  • Ensuring any security breaches are reported, recorded and investigated in accordance with the necessary incident management processes, including the application of corrective action to prevent repetition
  • Liaison with Procurement to ensure information security requirements are appropriately implemented within the supply chain
  • Reporting on performance and the continual development of the Information Security Management System
  • Provision of support to the commercial tendering and bid process in relation to information security management requirements
  • Liaison with Client representatives on matters of information security
  • Driving information security management strategy and continual improvement objectives
  • Presentation and delivery of information security management system data and related performance data
  • Promotion of a robust information security culture within the organisation, ensuring relevant communication processes are maintained
  • Manage, maintain and test the information security aspects of the Business Continuity Plan in conjunction with Department Heads

Experience & Qualifications

Essential

  • Previous experience with information security management systems, accreditation schemes and auditing
  • Knowledge / experience of Cyber Essentials / Cyber Essentials Plus
  • Robust knowledge of information security frameworks
  • IT literacy
  • Recognised / professional information security qualification
  • Recognised ISO 27001 Auditor Qualification

Desirable

  • Member of a professional body (e.g. Chartered Institute of Information Security (CIISec))