Given the nature of S-RM’s business, it is essential that it advocates good practice for Information Security and is committed to continuous improvement in this area.
The Cyber/Information Security specialist will take the lead and provide a focal point for security and information risk matters, with the ultimate ambition of establishing the IT department as a centre of excellence for Information Security and Cyber security controls.
MAIN DUTIES AND RESPONSIBILITIES
- Assist the Head of IT to review the present InfoSec framework and help set future strategy and roadmap
- Develop and maintain the information security policy and accompanying standards, procedures and guidance including all relevant documentation
- Investigate suspected and actual security incidents in accordance with the security incident management standard, produce reports with recommendations and ensure any remedial action is taken
- Produce reports for the Continuous Security Group
- Play a key part in ensuring the IT department’s continuous adherence to relevant legislation, including GDPR, as well as implementing/developing supporting policies including breach response and mitigation
- Advocate best practice on behalf of IT and Compliance teams by engaging with various business units to ensure that all staff are aware of their obligations with regard to Information Security
- Manage cyber awareness training and phishing campaigns
- Act as the primary point of contact for information security issues across all our global offices
- Review and provide guidance on current cyber security controls with suggestions for improvements
- Manage all outgoing and incoming vendor risk assessment requirements and coordinate responses accordingly
- Assist the Cyber Team on external client projects as and when the need arises
SKILLS, QUALIFICATIONS & EXPERIENCE
The qualifications and experience required to perform this role successfully are:
- Ideally 3 – 5 years’ commercial experience
- General knowledge of applicable data privacy practices and laws – specifically GDPR
- Preferably hold recognised technical industry accreditations (e.g. CISSP, CISM)
- Strong understanding of security technologies and best practices
- Good understanding of legal frameworks such as ISO 27001
- Proven experience project managing within an IT transformation environment
- Experience of working across data/information risk, compliance, governance and audit is highly desirable
- Proven experience of producing high quality deliverables working alone and as part of a team
- Experience in forensics processes and tools
The individual will need to have the following key personal skills and attributes to perform successfully in this role:
- Strong analytical and technical skills relevant to information security including data encryption, secure data transmission, secure data consumption and risk analysis
- Desktop and server operating systems security
- Must be willing to remain hands-on
- Highly results- and quality-driven
- Demonstrable ability to produce documentation
- Experience of working in a fast-paced environment
The successful candidate must have permission to work in the United Kingdom by the start of their employment.