Information Security Manager (Hindlip)

We are currently recruiting for an Information Security Manager in Hindlip.

Pay rate: 49,602 per annum.

Contract duration: Temporary ongoing

Purpose:

• Responsible for the maintenance of the client’s area and National Accreditation, to maintain onward connectivity to national Networks and Systems ensuring that accreditation processes are driven by business objectives and compliant with His Majesty’s Government Information Assurance (HMG IA) standards and national best practice.
• To be the focal point for all information assurance related issues ensuring that the client System Users’ safeguard the confidentiality, integrity, and availability of information by following security standards and guidelines.
• To maintain the Incident Register, investigate reported incidents and if required inform National Agencies or appropriate Managers with recommendations on corrective measures to prevent a re-occurrence.

Main Responsibilities:

1. To lead on delivery of the Information Security programme and accreditation processes and act as subject matter expert to provide professional guidance and specialist advice for all information security and information risk matters.
   2. To achieve compliance with mandatory information security requirements and national reporting standards, including timely completion of annual Community and Cabinet Office Public Services Network (PSN) Codes of Connection (CoCo) and Police Digital Services (PDS) Security Assessment for Policing (SyAP)
   3. To recommend, review and produce policies and best practice for the ongoing management and maintenance of information security management reporting to and taking direction from the Audit, Assurance and Compliance Board.
   4. To assess compliance with the Information Security Policy, associated procedures and processes and working with stakeholders to drive remediation where non-compliances exist.
   5. To be responsible for information risk assessment processes to identify, analyse, evaluate and monitor technical, procedural, physical, and personnel risks in information and information processing systems. Also responsible for identifying and supporting the implementation of security safeguards and countermeasures.
   6. To lead an information security audit and compliance regime to ensure compliance with information security regulations, standards, policies, and guidance on information risk management.
   7. To be responsible for the compilation and maintenance of Risk Management plans and Information Risk Assessment Reports(IRAR) ensuring that IT systems are accredited and subject to accreditation review.
   8. To lead investigative and reporting action of all actual and suspected incidents of security significance and produce quarterly reporting returns Police Digital Services (PDS)
   9. To update knowledge and assimilate information in relation to changes and developments in respect of legislation, information management, and information security procedures and best practice.
   10. To develop a general information security training, education, and awareness programme for completion by all officers and staff and a tailored training programme for Information Asset Owners (IAO’s), senior managers and other stakeholders to include the cause, likelihood, and potential business impact of information risks.
   11. To actively engage all key stakeholders, including partner agencies and third party suppliers, sharing, storing or processing information in the application of information security best practice and HMG standards, ensuring compliance with Home Office legislation and statutory guidance.
   12. To maintain awareness and knowledge of all current relevant information security management legislation, methods and practices ensuring that an environment of continuous improvement, innovation and emerging best practice are evaluated.
   13. To represent professionally and promote the reputation of our client at meetings and groups both internally and externally, including the development of appropriate and constructive partnerships with relevant organisations.
   14. To undertake other duties commensurate with the nature, level of responsibility and grading of this post, as required.

Supervisory/Management Responsibilities:

15. To lead a team, managing their welfare and development and ensuring high levels of motivation.
16. To monitor and manage the performance of the team, identify and address issues and improve team/individual performance, ensuring adherence to professional standards.
17. To assess individual capabilities and development needs and agree appropriate development plans to enable high performance and potential progression.
18. To co-ordinate the work of the team, directing activities, monitoring progress and managing competing demands and priorities to ensure the best use of available resources.
19. To supervise and monitor the handling of information and record keeping, ensuring alignment with legislation, policies and guidance.
20. To monitor and report on team expenditure to ensure the efficient use of available budgets and maximise value for money.
21. To evaluate the effectiveness of existing processes and practices within own area of work in order to identify and implement opportunities for change and innovation and enable continuous improvement.

Knowledge:

• A level 5, or equivalent, qualification.
• A recognised information security qualification (such as Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), CESG Certified Professional (CCP) SIRA/Accreditor) or an equivalent information security qualification.
• In depth expert knowledge of GDPR and also associated Law Enforcement Directive.
• Sound practical knowledge of Accreditation and production of Information Risk Assessment Reports (IRAR).
• Sound practical knowledge of current Information Technology Standards and Techniques (including ISO 27001 series).
• Sound practical knowledge of the HMG Security Policy Framework and associated NCSC and CPNI guidance.
• Knowledge and understanding of the Technical, Human Resource, Procurement, Project, and Physical Security issues that impact upon information security.
• A sound knowledge of risk management and incident management in relation to information security.
• Able to demonstrate a good understanding of information security concepts and practices concerned with maintaining the confidentiality, integrity, and availability of information.

Experience: 

• Experience of supporting high risk projects and process implementation.
• Significant relevant experience of information security in a multi-site organisation.
• Demonstrable experience of PSN compliance requirements including evidenced understanding of maintaining accreditation.
• Demonstrable experience of developing information security strategy, policies, and procedures in an enterprise environment.
• Experience of utilising and managing a risk-based approach to undertaking internal audits audit and accreditation activities working with external auditors, including health checks and penetration tests.
• Experience in facilitating and leading meetings with internal and external stakeholders at senior level.
• Experience of liaising with other organisations and agencies on information security matters.

Key Skills:

• Ability to work to tight deadlines, respond to changing demands and deliver efficient follow-ups.
• Evidence of influencing the motivation and behaviour of people both internally and externally.
• Effective interpersonal and communication skills, both written and verbal, and the ability to explain complex issues at a variety of levels.
• The ability to undertake sensitive enquiries with limited supervision and to manage and keep secure sensitive material and therefore exhibit high standards of professionalism.

Contact Olivia Mason for more information on this vacancy or to apply call 07789557717.
You can also email olivia@peel-cyber.co.uk