Information Security Assurance Manager

  • Badenoch & Clark
  • Feb 04, 2022
Full time Information Technology Telecommunications

Job Description

The Security Industry Authority, the regulatory body of the private security industry and part of the Home Office, require an Information Security Assurance Manager to join them for an initial 2-year fixed term contract. This is an exciting opportunity to join an expanding Government Department who can offer continued career growth and development, a flexible, supportive and secure working environment and excellent benefits including 27.5 days holiday (rising to 32.5) and enrolment to the Civil Service Pensions Scheme (27-30% employer contribution).

Job Purpose
You will provide dedicated information risk and accreditation management and information systems control expertise to the SIA and its service delivery partners.
You will provide 2nd line information security assurance, making recommendations and providing advice, guidance and monitoring of the SIA systems information exchange processes and systems data holdings.
You will provide expert advice and guidance on the implementation of HMG SPF controls and policies.
You will support the Head of Risk and Assurance in creating and maintaining the Project Assurance Framework.

Responsibilities
*Lead and develop the Information Security Assurance Officer, and champion, support and embed independent and robust information security assurance processes.
*Advise on all aspects of information assurance management and assist senior management in maturing our Information Assurance management arrangements.
*Manage and advise on the organisation's Information Assurance budget allocation ensuring value for money requirements are met.
*Ensure the SIA remains compliant with the minimum mandatory measures of the Security Policy Framework (SPF) and associated HMG Information Security Standards.
*Keep abreast of developments and changes in government and industry information assurance policies and practices with a specific emphasis on Protecting Personal Data and Managing Information Risk.
*Assist department/division managers and our contracted services providers to remain proactive in assessing and minimizing information security risks and business impacts arising from information processing and ICT services and systems threats and vulnerabilities.
*Undertake risk and privacy impact assessments together with department/division managers and appointed security consultants and services providers.
*Monitor the effectiveness of our security policies and practices covering physical, procedural and technical controls providing 2nd line assurance.

Relevant Knowledge, Skills and Experience

Essential
*Proven experience in a services delivery organisation (public or private sector) in a similar role
*A strong working knowledge of managing information security risks, producing risk assessments and other Information risk management documentation.
*Proven ability to assess information systems processes and ICT services and systems threats, vulnerabilities, and risks.
*Proven ability to write reports and deliver presentations on information risk management, systems process control and ICT security.
*Proven ability to author information security policies and procedures.
*Experience of managing budgets.
*Experience of managing a team of technical specialists.
*Works and communicates effectively and fluently with managers and staff - able to explain complex technical issues in terms that non-technical managers and staff will understand.
*Able to meet deadlines, prioritise and organise a busy schedule of work.
*Ability to work on own initiative as well as a member of a team and as an effective customer service focused deliverer.
*Flexible, confident and persuasive, able to influence decision makers.
*Candidates must be able to demonstrate a level of awareness of equality and diversity issues appropriate to this role.

Desirable
*Industry recognised qualifications relevant to information risk and security management (examples are CISSP, CLAS, CISM, CISA, ISO27001 Auditing).
*Experience of ICT security management, planning, implementation, and monitoring.
*Understanding of ITIL service processes and management relevant to information security.

To be successful, applicants must have a valid right to work in the UK and be eligible to apply for Security Clearance.

Badenoch + Clark acts as an employment agency for permanent recruitment and an employment business for the supply of temporary workers. Badenoch + Clark UK is an Equal Opportunities Employer.

By applying for this role your details will be submitted to Badenoch + Clark. Our Candidate Privacy Information Statement explains how we will use your information - please copy and paste the following link into your browser: https://en-gb/candidate-privacy