Full time
Information Technology
Telecommunications
Job Description
Responsibilities
To operate our information security management system, and maintain Mental Health Innovations' ISO 27001 certification.
Building and maintaining excellent relationships with team leads across the organisation to raise awareness of security and work through issues
Deputising for the Director in security matters as required
Operation of the ISMS and Data Protection processes
Managing risk register, preparing for management review meetings
Developing/maintaining controls and ensuring they are implemented across the organisation
Refining our security KPIs and maintaining them
Proposing actions from KPIs, events and incidents and coordinating resultant work
Working with the Director to track threats and vulnerabilities, evaluate risk levels and progress treatment plans
Ensuring secure endpoint and cloud posture
Working with the team to plan consultancy days; e.g. work items requiring deep knowledge of a specific security domain or a technical specialist
Monitoring our processes and suggesting improvements
Proposing and progressing other continuous improvement work
Feeding into training and awareness programmes and improving security culture
Preparing for audits and carrying out remediation work
Working with the Director to create, maintain and manage policies and ensure compliance
Planning and participating in incident response exercises
Managing major incidents and conducting post mortems/reviews
Requirements
The ability to learn new skills and technologies quickly
Experience of risk management
Working knowledge of security standards and frameworks, particularly ISO 27001
Knowledge (and preferably experience) of GDPR and DPA 2018
Experience of incident management
Excellent knowledge of high level security concepts and best practice
Excellent documentation skills, including policies and standards
Knowledge of the following areas (deeper experience of one or more preferred): Endpoint security, Network security, Cloud security, Application security, Identity and access management, Secure distributed working practices
Excellent written and verbal communicator
Ability and desire to learn new tools, skills and consider other perspectives
Growth mindset. Comfortable performing a wide range of activities, including stretching to new skill/experience areas
Ability to manage own time, confirm priorities and expectations
Independent worker who knows when to ask questions
Comfortable working with the wider team and organisation
Comfortable dealing with ambiguous situations and objectives