Security and Compliance Officer
We have an exciting opening for an experienced security professional to work in our security and compliance management team. You will work with a highly talented leadership team to deliver a world-class IT service and security posture for the company globally.
Our established information security management system is ISO 27001 certified and will be extended to cover greater scope in the future. You will help evaluate and plan the rollout of further security certifications.
You will also support the business in working with clients and potential clients, assisting in their review, audit and agreement of our company standards, and identifying and agreeing, internally and with the client, where additional procedures or tools are required to meet specific client requirements.
A key part of the remit is to ensure the company continues to comply with evolving Data Protection legislation and related standards, including GDPR.
About the job
You must be a motivated security professional with excellent communication and management skills, able to work with colleagues and clients to deliver appropriate security plans and improvements. You will report to the Information Security Systems Manager and assist with the operation of the ISO 27001 information security management system, working with staff and managers across the entire business and covering all aspects of security and data protection.
- Working with the Information Security Systems Manager and Data Protection Officer to build and maintain our information security management system, ensuring compliance with ISO 27001 and other standards as agreed with the Operating Board
- Assist with the support and implementation of the ISMS throughout the company, through documentation and training
- Support the expanding scope of the ISMS to cover a broader range of our operations
- Help implement new security methods, tools and techniques in order to deliver appropriate security for ourselves and our clients
- Work with operational staff to implement and maintain security methods and tools in delivery of our projects and services to clients
- Liaise with clients and potential clients to assist in their vendor assessments
- Review new application and system implementation plans for compliance with our standards, and review any subsequent changes that might impact security posture
- Assist with vendor assessments for our sub-contractors
- Assist with internal audit of ISMS procedures and work with external auditors to support external assessments
Skills and Requirements
- Experience in delivering information security in a structured environment, ideally according to ISO 27001 certification requirements
- Experience in working in a service provider environment
- Experience working with cross-functional and geographically diverse teams
- Experience in other security environments, e.g. PCI, HIPAA
- Understanding of all aspects of security including physical, access control, network security, personnel, business continuity, application design, vulnerability management and penetration testing
- Degree or higher-level qualification in computing or related technologies
- Ideally CISSP or CISA qualification or similar