Information Security Officer (BISO)
* To manage the activities of the UK Business Information Security Office in providing the co-ordination of and end-to-end BISO process to support the furthering of maturity in the UK offices for all supported UK business units as directed by the Business Information Security Officer
* The Business Information Security Officer will be working with assigned projects and initiatives to provide guidance and direction for IT and Business projects relating to It risks and direction to mitigate these risks to an acceptable level based on policy and best practices.
* Ensuring the IT Risk Management and Compliance Gate process has been set up correctly.
* Gathering information for risk assessments - eg risk and control verification, relevant certs, technical documentation, architecture diagram, VAPTs etc.
* Liaising with the PM's, vendors, and internal team(s).
* Request VAPTs, review controls, create risk register for all identified risks
* Conduct awareness and training sessions if required.
Required working experience (in years)
Required skills and qualifications
*Over 7 years' experience within a Security Office working with the Business and IT. A proactive self-starter who is able to develop and maintain effective working relationships with multiple stakeholders, the wider team from across the organisation and varying levels of seniority, and external suppliers.
*Very good knowledge of complex IT organizations and experience with security-relevant topics, security technologies and a related knowledge of the market.
*Good knowledge of security standards (eg ISO 2700x, ISF's SoGP, NIST) and other frameworks.
*Practical experience in performing formal risk assessments.
*Active and effective communicator with peers and senior management at board level.
*International experience from working on global and large projects.
*Basic knowledge of laws applicable in offices in the area of responsibility.
*Customer orientation, strong negotiating and problem solving skills.
*Initiative, creativity and an open mind for innovation.
*Strong planning, organizational and presentation skills.
1. Batchelors degree ( in IT Preferably)
2. CISSP (preferred)
Spring Technology acts as an employment agency for permanent recruitment and an employment business for the supply of temporary workers. The Spring Group UK is an Equal Opportunities Employer.
By applying for this role your details will be submitted to Spring. Our Candidate Privacy Information Statement explaining how we will use your information is available on our website.