Governance & Assurance Manager at FCDO Services
Hanslope MK19 7BH, United Kingdom
Full Time


Start Date

Immediate

Expiry Date

23 Apr, 25

Salary

43200.0

Posted On

01 Apr, 25

Experience

0 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Risk, Public Sector, Management Skills, Security Policy, It, Information Assurance, Information Security, Addition, Cyber Security

Industry

Information Technology/IT

Description

JOB DESCRIPTION

The primary focus of this vital role is collating assurance from our system owners, operational cyber teams and other stakeholders to produce cyber security assurance reports. Supporting your colleagues in the management of information security and cyber risks, you’ll also offer leadership on governance, assurance and cyber security awareness by organising guest speakers, regular communications and training sessions.
Assisting our Governance and Assurance Group in its general operation, and ensuring reviews and caveats are completed, we’ll expect you to offer advice relating to security operating procedures. Your additional responsibilities will include assisting the Chief Information Security Officer team in respect of information security incidents, and providing advice on ICT system security issues.

USE ALL YOUR IT AND RISK MANAGEMENT SKILLS

With well-developed knowledge of IT systems and associated risk management processes, you’ll be familiar with cloud and mobile technologies, and have a good understanding of information security principles, relevant legislation, HMG IA Standards and ISO/IEC 27001. When it comes to formal education, you should have an appropriate professional qualification in a relevant discipline, for example CISM, CISMP, or a practitioner-level certificate in ISO/IEC 27001 or information risk management. A track record of driving cyber security, information security and information assurance in the public sector would be desirable, as would experience of working with assurance frameworks in relation to cyber and information security activities. In addition, the ability to influence cyber and information security policy at a national and organisational level would be a bonus.

QUALIFICATIONS

Appropriate professional qualification in relevant discipline e.g. CISM, CISMP, practitioner level certificate in 27001 or information risk management, or equivalent, etc.

TECHNICAL SKILLS

We’ll assess you against these technical skills during the selection process:

  • Good understanding of IT systems and associated risk management processes; must be familiar with cloud and mobile technologies;
  • Understanding of information security principles, relevant legislation, HMG IA Standards and ISO/IEC 27001;
  • Appropriate professional qualification in a relevant discipline, e.g. CISM, CISMP, practitioner-level certificate in ISO/IEC 27001 or information risk management, or equivalent.

We only ask for evidence of these technical skills on your application form:

  • Appropriate professional qualification in a relevant discipline, e.g. CISM, CISMP, practitioner-level certificate in ISO/IEC 27001 or information risk management, or equivalent.

NATIONALITY REQUIREMENTS

Open to UK nationals only.

Responsibilities

Responsibilities include but are not limited to:

  • Collate assurance from system owners, operational cyber team and other stakeholders across the organisation to produce assurance reports primarily related to cyber security as part of the Senior Information Risk Owner (SIRO) reporting;
  • Accountable for and monitoring of compliance to relevant policies, aligned to National Cyber Security Centre (NCSC) guidance, legislative and government standards and policies, and FCDO Services information security and cyber policies and strategies;
  • Ownership and maintenance of required certifications and accreditations, including GovAssure, ISO27001 (owner of Statement of Applicability and ISMS Plan, facilitation of audit visits including setting up audit sessions, liaison with organisational stakeholders, including internal coordinator) and relevant sections of government inspections and audits;
  • Act as Chief Information Security Officer (CISO) lead on the second line of defence in the internal information risk assurance framework, the Cyber Assurance Framework and provide active support on Secure by Design;
  • Assist the governance and assurance group in general operation, monitoring and ensuring required reviews and caveats are completed as required;
  • Support Lead Managers and Departmental Risk / Service Improvement Managers in identification and management of information security and cyber risks;
  • Lead on governance, assurance and cyber security awareness across the organisation (not technical cyber specialisms) through regular communications, guest speakers, online training and training sessions;
  • Co-ordination and provision of advice relating to Security Operating Procedures (SOPs) – ownership of standard wording of all SOPs; reviewer of all SOPs to ensure they align to policies within the remit of the Office of the Senior Information Risk Owner;
  • Provide initial response and assist the CISO Team in respect of information security related incidents, coordinating responses and working with technical teams as required;
  • Provide advice on IT security matters and information security requirements on new and existing ICT systems in line with organisational policy, risk appetite and latest legislation, regulatory and mandatory requirements;
  • Work with internal stakeholders to develop relationships to help promote and improve information security and provide security advice on procurements, projects and new initiatives;
  • To support the Team and wider Group Business Continuity requirements;
  • Work with other security teams on training and updating staff on annual mandatory and ongoing information security training.