Information and Cyber Security Officer - Birmingham

A pan-UK logistics organisation is currently seeking to hire an Information and Cyber Security (I&CS) Officer to be based at its Birmingham headquarters.

The main remit of the role will be to lead and be the Subject Matter Expert on Information Security assurance and risk management, ensuring that the organisation's IT systems are designed and operated in a way that keeps its information safe and secure.

This critical role requires the successful candidate to safeguard the company as it expands the scale and scope of its information applications and systems and ensure that it delivers an IT system that meets government and legal obligations for information security.

Responsibilities

• Provide accurate advice and guidance on information security for the company and advise and support Tier 1 contractor information security management teams where required.
• Ensure the maintenance of information risks on a corporate risk register
• Provide advice on security strategies to manage identified risks.
• Lead on the assessment of any changes to the organisation's systems to ensure the security impact is assessed and ensure ongoing compliance to Information Assurance
• Obtain and act on vulnerability and threat information, including cyber threat intelligence to conduct security risk assessments for business applications and computer installations.
• Initiate investigations into IT security incidents and support the Information Assurance elements of the overall Business Continuity Plan.
• Lead on the mitigation strategies post security incident and factor lessons learned from security incidents into IT security policies and processes.
• Ensure that the IT security policy is updated as IT security threats evolve
• Developing, implementing and enforcing suitable and relevant information security policies, standards and procedures which are reviewed on a regular basis.
• Ensuring compliance with GDPR and other legislation and regulations relevant to information security.

Skills

• Proven track record in security management within a matrix organisation.
• Senior stakeholder engagement and management and the ability to deal with external security partners, such as security authorities and agencies
• Working knowledge of the HMG Security Policy Framework (SPF), governance of Information Assurance within the public sector and of ISO27001:2013.
• Working knowledge of Data Protection, and Freedom of Information Acts
• Risk Management Process
• Auditing and compliance of Information & Cyber Security standards and policies
• Current certification to CISSP, CISM or CESG Certified Professional, or other information security qualification of similar standing.
• Experience of IT architectures and concepts, Cloud, BYOD and Mobile Device Management; OWASP vulnerabilities, tools and methodologies; Security Testing, DPA and ISO27001

Please send your CV to Michael Moretti for immediate consideration.