Information Security Management Systems Co-Ordinator

Description

Role Purpose:

As a key member of the Chief Information Security Office (CISO) Team, the co-ordinator will be responsible for the effective audit, management and operation of the information security management system and will support the Information Security Manager to identify, assess and manage IS risks in the firm and improve effectiveness of IS controls.

The IS Management System co-ordinator will take a lead in auditing IS controls both delivering audits themselves and coordinating with other internal and external auditors. The focus of the role will maintaining ISO 27001 and other cyber and IS certifications and supporting the business to more effectively manage IS risks.

This is a great role for an early career (qualified and with some experience), information security risk and compliance professional who wants to develop their cyber and information security skills, and expertise to the highest level in a professional, innovative and commercially focused organisation.

Duties & Responsibilities:

• Maintain the organisation's Information Security Management System (ISMS)
• Perform audits of information security controls to measure compliance with documented policies, standards and procedures
• Co-ordinate and support internal and other audits to ensure maintenance of the firms ISO27001 and other cyber certifications
• Engage with and manage stakeholders across the firm to facilitate identification, assessment and remediation of IS risks and appropriate controls
• Coordinate and support the development, documentation and implementation of information security policies, processes and procedures to ensure effectiveness of controls
• Coordinate and support the reviewing/redesigning internal processes and systems to ensure information confidentiality, integrity and availability
• Document and issue reports of findings in a timely manner and agree and monitor corrective actions with stakeholders
• Maintain a Corrective Action Plan ensuring that actions are completed by the agreed target dates
• Maintain the Risk Register and monitor it to ensure that actions are completed by the agreed target dates
• Define and maintain a record of compliance obligations mapping the evidence required to demonstrate alignment
• Create reports of risk and compliance status as required
• Define appropriate metrics for key activities and report against these
• Maintain the controlled document repository ensuring that process owners update their documentation by agreed review dates
• Complete information security due diligence requests from clients and prospects as requested
• Assist with maintenance of the knowledge base of common information security questions and responses to ensure responses to the business are timely and accurate
• Facilitate information security due diligence assessments on 3rd parties offering services to the firm and support procurement processes
• Support the CISO, Data Protection Officer, Cyber Security Manager and colleagues to provide a consistent and high quality Information Security service to the business.

Core Skills & Experience required:

Professional skills:

• ISO 27001 lead Auditor / Lead Implementer

Professional knowledge and experience:

• Good understanding and experience of ISO27001:2013 standard and 27002 control framework
• Good understanding and experience of operation and management of risk, controls and compliance in corporate environments
• Good understanding of governance and decision making in complex organisations
• Experience of control design, control implementation, assessing control effectiveness and identifying opportunities for improvement
• Knowledge and experience of cyber security and information security principles and processes
• Excellent stakeholder management, communication and organisational skills
• Knowledge and experience of IT project and change management approaches
• Experience of the development and delivery of commercial services and systems
• Knowledge and experience of ITIL and IT services delivery processes
• Knowledge and experience of continuous improvement processes and approaches
• Experience of documenting, developing and improving information security policies, processes and procedures
• Good understanding of current UK data protection requirements and the General Data Protection Regulation