Information Security Consultant

at Exponential-e

Chippenham, England, United Kingdom

Start Date: Immediate
Expiry Date: 25 Sep, 2024
Salary: Not Specified
Posted On: 25 Jun, 2024
Experience: N/A
Skills: International Standards, Management System, Policy Development, Ethics, Risk
Telecommute: No
Sponsor Visa: No

Description:

EXPONENTIAL-E

Founded in 2002, Exponential-e swiftly established itself as a UK Cloud, Connectivity and Communications pioneer. Throughout our history, a focus on leveraging leading-edge technology to deliver profitable and innovative services to our clients and prospects has earned industry and peer recognition for our ground-breaking approach as a truly world-class ICT services company.
We’re a company of innovators who think big and achieve bigger! Our people are crucial to the continuing success of our company. From our CEO to our new Graduates, each of our people demonstrates our PRIDE principles which are at the core of everything we do.

JOB DESCRIPTION

Overall purpose of the job:
The Information Security and Compliance Consultant is responsible for evaluating the level of compliance with Exponential-e & Vysiion's strategy and mission, generally accepted operating principles, government & health contracting requirements and applicable rules and regulations. The Consultant will participate as a compliance expert, as appropriate, in groups established to support business initiatives or process modifications, and will oversee coordination of compliance implementation with other departments and business units. He will also be responsible for analysing new and proposed legislation that impacts company operations, products, services, or distribution channels, and for initiating appropriate action.

Key responsibilities for this job:

  • Managing a program of implementation or transition, and internal and external assessments of Exponential-e’s conformity with international & government standards: ISO9001, ISO27001, ISO22301, Cyber Essentials Plus, Security Controller, HMG Compliance Frameworks, and CREST Accreditation.
  • Device control and analysis: SIEM – AlienVault, KnowBe4, Data Loss Prevention.
  • Reporting on the performance of the compliance management system to the Management Team.
  • Development, establishment or implementation of policies and procedures that are aligned with the compliance framework and business requirements.
  • Engaging with key stakeholders to ensure ongoing maintenance of the management system in compliance with standards.
  • Managing assets under his ownership in accordance with the requirements identified in the “Asset Register & Risk Register”.
  • Scheduling and conducting business management system reviews.
  • Identifying resources and target dates for the implementation of risk treatment and corrective actions identified in the Continual Improvement Plan ("CIP").
  • Maintaining the legal and regulatory obligations internally and externally.
  • Conducting and managing Privacy Impact Analysis (PIA) and Business Impact Analysis (BIA), and evaluating any associated risks.
  • Delivering appropriate compliance training and awareness to new employees/contractors and throughout their engagement with Exponential-e in accordance with the Organisation’s Training and Awareness requirements.
  • Facilitating the performance of risk assessments with risk owners, capturing risk treatment actions selected for implementation in the formal Continual Improvement Plan ("CIP").
  • Capturing the justification of acceptance of any risk calculated to be above the acceptance threshold in the “Asset Register & Risk Assessment”.
  • Monitoring and managing internal and external risks such as Brexit, Covid-19 and the Russia-Ukraine conflict.
  • Maintaining a register of all relevant legislative, statutory and contractual requirements.
  • Ensuring that the correct and current version of documents is available in the Business Management System drive.
  • Supporting Sales, Bid and Legal with compliance due diligence, schedules and contractual agreements.
  • Notification to Customers of relevant information security incidents/loss of confidentiality of information.
  • Organising and managing IT Health Checks.

Knowledge and experience required:

  • Previous experience as a Quality or Information Security consultant.
  • Organisation, project management, and planning skills.
  • Ability to analyse current working practices and provide ideas to improve visibility and efficiencies of the compliance management system.
  • Good knowledge of implementing and maintaining international standards (ISOs, SOC2, Government standards).
  • Understanding and knowledge of audit, education, risk, legal, investigations, ethics, and policy development.
  • Ability to think ahead and minimise business risks.


REQUIREMENT SUMMARY

Min: N/A, Max: 5.0 year(s)

Financial Services

Finance

Graduate

Proficient

1

Chippenham, United Kingdom