Information Security Officer
Job Title: Information Security Officer
Salary: £50,000 - £55,000 + Excellent Benefits
Job Sector: Information Security and Risk Management
Job Function: Group Information Security Officer
Experience Level: Manager
Contract Type: Full Time, Permanent
Job Ref: AR/J19294
A nationwide claims management solution provider, which specialises in the handling of commercial claims across all classes of business, is recruiting for an Information Security Officer. This senior role will be based in Stoke-on-Trent and provide full UK support, including Ireland.
The role will be responsible for the development and delivery of a comprehensive information security and privacy programme for the Group. The ISO will be required to provide support and advice to the business on all aspects of information risk, including information security, data protection and privacy. In addition, the role will manage information security governance projects and initiatives and assist the business in defining appropriate controls to manage risks associated with all information (including personal and business data). The scope is Group-wide and includes information primarily in electronic format, with a smaller percentage of manual data. The role will report to the Corporate Services Director.
Position duties will be as follows:
- Coordinate the development of the Group's information security policies, standards and procedures.
- Work with key IT stakeholders and the Information Security and Business Continuity Group to develop such policies.
- Ensure that policies support compliance with external requirements.
Education and Training:
- Coordinate the development and delivery of an education and training programme on information security and privacy matters for employees and suppliers.
- Serve as the Group's Information Security Officer with the Group's Clients.
- Responsible for the Group Data Protection.
- Work with Clients at the tender stage and throughout the lifetime of the Client contract for information security changes and audits.
- Oversee Data Subject Access requests.
- Manage the Group’s ISO27001 accreditation to ensure maintenance and compliance with accreditation requirements.
- Manage and complete information risk and information security reviews, including due diligence of third parties.
- Develop and implement an Incident Reporting and Response System to address security incidents (breaches) and respond to alleged policy violations or complaints from external parties.
- Serve as the Group's official contact point for information security and privacy infringement incidents.
- Serve as the Group's designated representative on Information Security matters, including external and internal audits and client requests on security, data and privacy matters.
- Input to the development, implementation and enhancement of the Business Continuity Framework.
- Information Security and Business Continuity Group (IS&BC Group).
- Manage the Group's IS&BC Group.
- Keep abreast of the latest security, data and privacy legislation and regulation, in particular ISO27001 and GDPR.
To be successful in the role, you will have relevant experience in an IT and IT Information Security role as well as extensive knowledge of Information Security and Cyber risk and control frameworks. You will also have practical experience of implementing risk management improvements or performing oversight. You will be an excellent communicator, both written and verbal, at all levels, and have a strong track record of building positive relationships at a senior level, providing constructive support and challenge to Directors.
Sound practical knowledge of Information Technology Standards including ISO27001, PCI accreditation
Preferable but not essential to hold a recognised information security qualification such as Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), ISO audit qualification or similar
Experience of the Data Protection Act and new GDPR
5 years' experience in a senior technical IT infrastructure role
Experience in a similar Information Security role
Driving Licence essential