Information Security Officer

Recruiter: Sanderson
Location: Bristol
Salary: 30000.00 - 39999.00 GBP Annual
Posted: 12 Jun 2018
Closes: 10 Jul 2018
Contract Type: Permanent
Hours: Full Time

My client, a leading professional services provider in central Bristol, are actively looking for an Information Security Officer for their team. You will be a pivotal member of the team and will act as the Information Security subject matter expert within the Group, supporting the delivery of the Group's Information Security Management System through second-line oversight and assessment, including management of their ISO27001 certification.

The Role

  • Supporting the delivery of the Information Security strategy and agenda, through the provision of professional, pragmatic and business-focussed technical advice and guidance to stakeholders, employees and managers within the organisation;
  • Providing support, challenge and advice on information security matters to other business areas;
  • Managing and maintaining information security risk assessments and controls selection activities, ensuring these are kept up to date and that the relevant management are informed of the risks identified;
  • Managing incidents, events and weaknesses and maintaining a comprehensive account of the incidents and their resolutions;
  • Acting as a liaison for internal and external audits, ensuring that adequate records are maintained;
  • Providing accurate, informative and relevant MI throughout the group;
  • Playing a key role in the information security forum, driving excellent security practices and behaviours;
  • Creating and delivering suitable information security awareness, training and educational activities;
  • Assisting in the mitigation of related information security across the business by providing informative reporting and trend analysis in order to support on-going control development opportunities;
  • Completing regular assessment of information security risks and mitigating controls; and
  • Providing an independent evaluation of, and opinion on, processes, systems and controls to manage information security risks, and advising on any vulnerabilities highlighted.

Requirements

  • A good technical understanding of IT and information security controls;
  • Good knowledge of ISO 27001/27002 and related processes;
  • A relevant security qualification such as CISSP, SSCP, Security+;
  • A keen interest in security topics and a strong desire for continuous development;
  • Strong analytical and research skills with excellent report writing and communication skills;
  • Strong problem-solving skills and self-motivation;
  • The ability to plan and prioritise workload in order to achieve deadlines;
  • The ability to work independently or with minimal supervision and make a decision on medium-level risk; and
  • The ability to build relationships with other business areas through ongoing engagement and support.