Roles and Responsibilities
Job Purpose: Establishing standards and processes for the management of information security in compliance with applicable legislation and standards; building a culture of effective information security; updating the information security strategy; and taking responsibility for assessing and managing information security risk, particularly IT security risk.
- Investigate the cause of information security incidents effectively; recommend, design and lead projects for remediation and prevention of recurrence.
- Respond to information security incidents in a timely manner, and ensure that systems meet the required controls.
- Maintain and manage the IT security risk register and arrange IT security risk meetings.
- Provide leadership in designing and costing solutions to security concerns, gain agreement from stakeholders (such as IT and staff) and drive the resulting projects.
- Plan and perform security risk assessments of information systems and data flows, document findings, and manage and drive remediation plans in line with organisational risk appetite and best practice.
- Conduct vulnerability and risk assessments of IT components, produce plans for improvement and communicate these to the business owners in line with best practice, and be responsible for ensuring that penetration testing is undertaken on applications and infrastructure.
- Gain the confidence and respect of business owners in relation to information security risk for new systems, applications and changes to systems by having a stakeholder engagement plan.
- Embed information security as part of the procurement process, working in line with the Procurement Manager, who will be responsible for ensuring Data Protection.
- Manage engagement with external suppliers of information security services, such as the IT Managed Services Provider, software vendors, penetration testers and auditors; ensure these suppliers are audited; and ensure that due diligence questionnaires and risk assessments are an integral part of procurement processes.
- Ensure IT vendor management is an ongoing process.
- Advise on the security aspects of procurement contracts, including access controls.
- Work with the Learning Team to develop an engaging and accessible learning programme to build an effective information security culture for staff and volunteers.
- Plan the resources and expenditure needed to carry out information security activities to best practice.
- Ensure all volunteers and employees are clear about their responsibilities in relation to information security and the protection of assets by clarifying procedures and instilling good practice.
Desired Candidate Profile
Education: Applicable security certification (or equivalent professional experience) required, e.g. B.E/B.Tech/MS in Information Security or a related field, or an equivalent qualification or work-related experience. ISO 27001, CISSP or CISA certification is highly preferred.
Experience: 6 years of experience in successfully introducing a new Information Security programme within an organisation, strategic planning, audit and procurement processes.
- Knowledge and in-depth understanding of information security concepts and technologies, for example: encryption of data in transit and at rest, Security Information and Event Management, Identity and Access Management; hands-on experience working with varied stakeholders to deliver shared goals.
- Keen on delivering excellent information security support in a fast-moving and complex organisation.
- Good communication skills, including the ability to convey information security concepts in accessible and engaging terms.
UG: B.Tech/B.E. - Any Specialization, Computers
PG: MCA - Computers
Doctorate: Not Required