Paying up to £55,000
Are you an Information Security Professional looking for an exciting new role? Do you consider yourself as highly influential and enjoy teaching others whilst working on new ways to solve problems? Want to take your info-sec skills to the next level?
We are looking for an experienced and proactive Information Security lead for a growing non-profit organisation. The information they manage to support their mission is critical. They need to be an exemplar in the handling of data, demonstrating they can be trusted with personal and special category information, handling it in a legal and safe in everything we do. This is of particular importance when planning and delivering new projects and services to our stakeholders. The Information Management and Security Lead will concentrate in this area, ensuring the Trust’s new or updated services and systems create, stores or processes information in line with information management and security best practice.
ABOUT THE ROLE
The Information Management Lead will:
● Work with teams across the Trust to ensure information management and security best
practice is ‘designed’ in from the outset.
● Act as a subject matter expert for information management and security on business
and technology projects; providing consultancy from a governance, risk, compliance
and technical standpoint to assist and provide direction to project managers, the
business and Information & Technology.
● Analyse prospective new or updated Trust services or systems, and build prioritised
information management and security requirements for delivery.
● Lead on the Trust’s’ commitment to preserving the confidentiality, integrity and
availability of all the physical and electronic information assets throughout the
organisation and across the wider partnership.
● Assist in the management of compliance against applicable standards and
regulations such as EU GDPR, ISO 27001, FoIA, Cyber Essentials Plus, PCI DSS, DPA,
Public Records Act, and legal and regulatory requirements.
● Assist in the management of the Trust’s Information Asset Register, ensuring accuracy
and updates are received in a timely fashion from the information asset owners.
● Assist in the analysis of information management and security related incidents and
maintain a record of any breaches that occur, and the remediations that follow.
● Assist in the management of the lifecycle of testing required to ensure that NCS
systems and services are protected (e.g. penetration testing).
● Participate in groups and forums to drive best practice in information management
and security across the NCS Trust and its wider network.
● Deputise for the Head of Information Management & Security as required.
● Support any compliance activities linked to legislation such as the Data Protection
Act, Public Records Act, and the EU General Data Protection Regulation (EU GDPR).
Desirable Qualifications and Memberships
● CISSP or CISM/CISMP
● CIPP/E and/or CIPM
● Prince2: 2017
The company have a set of core values that are central to the way they work. For this role, we are
therefore looking for someone who will:
● Be trustworthy, help and be helpful, make a massive positive impact, aspire to simplicity, operate in real-time, be excellent, and have fun.
● Experience working with project managers, stakeholders and end-users to define
information management and security requirements, ensure delivery of the
requirements raised, their testing and designated standards of working with
operational teams, facilitating the efficient hand-over of solutions delivered.
● Extensive knowledge of the information security standards, and how to ensure
delivery against those standards.
● Very strong inter-personal skills and experience of working collaboratively with
technical and non-technical teams and external stakeholders.
● Comfortable delivering training and awareness sessions to non-information
management and security, and/or non-technical audiences.
Skills & Attributes
● Substantial experience in an information management/information security or similar
role either in a commercial or a non-for-profit environment.
● Knowledge of information security standards, frameworks and best practices (ISO
27001, Standard of Good Practice for Information Security (SoGP) and/or ITU-T X. 805
-2003 an advantage)
● Knowledge of compliance requirements from EU GDPR, UK FoIA and the UK DPA
● Risk analysis and risk management experience (experience of MoR, ISO 27005 and/or
IRAM 2 an advantage)
● IT project methodologies (Especially Prince2: 2017 or Agile)
● Experienced in Incident Management and case handling
● Ability to manage conflicting priorities, multitask and meet deadlines
● Ability to analyse complex technical landscapes and evaluate technical solutions
ABOUT THE COMPANY
The company is an independent not for profit Community Interest Company established by the
Cabinet Office to drive and deliver the company’s Programme. They have grown rapidly since the
programme was piloted in 2011 and 2012, and over 93,000 16 and 17 year olds took part in
2016. The company is a once in a lifetime experience for 16 and 17 year olds – they
take part in outdoor activities, meet new people and have the chance to give something
back to their communities. Through the organisation, their confidence grows as they learn new skills that they can put on CVs and university and college applications.
The company runs across England and Northern Ireland in the summer and during academic breaks in autumn and spring. It is a flagship voluntary programme for 16 and 17 year olds, which aims
ABOUT THE REWARDS
up to £55,000 per annum
Generous holiday allowance
Investment in training
5% non-contributory pension
HOW TO APPLY
Great opportunities like this don’t last long. Submit your CV now at firstname.lastname@example.org. Alternatively, give Sophie a call on 02030 966763 to discuss whether this role is right for you.