Information Security Management Systems Coordinator

Permanent
£45,000 - £47,000 per annum
JTIS0002

London

The details

Description

Role Purpose:

As a key member of the Chief Information Security Office (CISO) Team, the co-ordinator will be responsible for the effective audit, management and operation of the information security management system and will support the Information Security Manager to identify, assess and manage IS risks in the firm and improve effectiveness of IS controls.

The IS Management System co-ordinator will take a lead in auditing IS controls, both delivering audits themselves and coordinating with other internal and external auditors. The focus of the role will be maintaining ISO 27001 and other cyber and IS certifications and supporting the business to more effectively manage IS risks.

This is a great role for an early-career (qualified and with some experience) information security risk and compliance professional who wants to develop their cyber and information security skills and expertise to the highest level in a professional, innovative and commercially focused organisation.

Duties & Responsibilities:

  • Maintain the organisation's Information Security Management System (ISMS)
  • Perform audits of information security controls to measure compliance with documented policies, standards and procedures
  • Co-ordinate and support internal and other audits to ensure maintenance of the firm's ISO 27001 and other cyber certifications
  • Engage with and manage stakeholders across the firm to facilitate identification, assessment and remediation of IS risks and appropriate controls
  • Coordinate and support the development, documentation and implementation of information security policies, processes and procedures to ensure effectiveness of controls
  • Coordinate and support the reviewing/redesigning of internal processes and systems to ensure information confidentiality, integrity and availability
  • Document and issue reports of findings in a timely manner and agree and monitor corrective actions with stakeholders
  • Maintain a Corrective Action Plan ensuring that actions are completed by the agreed target dates
  • Maintain the Risk Register and monitor it to ensure that actions are completed by the agreed target dates
  • Define and maintain a record of compliance obligations mapping the evidence required to demonstrate alignment
  • Create reports of risk and compliance status as required
  • Define appropriate metrics for key activities and report against these
  • Maintain the controlled document repository ensuring that process owners update their documentation by agreed review dates
  • Complete information security due diligence requests from clients and prospects as requested
  • Assist with maintenance of the knowledge base of common information security questions and responses to ensure responses to the business are timely and accurate
  • Facilitate information security due diligence assessments on 3rd parties offering services to the firm and support procurement processes
  • Support the CISO, Data Protection Officer, Cyber Security Manager and colleagues to provide a consistent and high-quality Information Security service to the business.

Core Skills & Experience required:

Professional skills:

  • ISO 27001 Lead Auditor / Lead Implementer

Professional knowledge and experience:

  • Good understanding and experience of ISO27001:2013 standard and 27002 control framework
  • Good understanding and experience of operation and management of risk, controls and compliance in corporate environments
  • Good understanding of governance and decision making in complex organisations
  • Experience of control design, control implementation, assessing control effectiveness and identifying opportunities for improvement
  • Knowledge and experience of cyber security and information security principles and processes
  • Excellent stakeholder management, communication and organisational skills
  • Knowledge and experience of IT project and change management approaches
  • Experience of the development and delivery of commercial services and systems
  • Knowledge and experience of ITIL and IT services delivery processes
  • Knowledge and experience of continuous improvement processes and approaches
  • Experience of documenting, developing and improving information security policies, processes and procedures
  • Good understanding of current UK data protection requirements and the General Data Protection Regulation

Related articles

Will IR35 affect your business?

General

20/06/19

Employees in the United Kingdom can be categorised as full-time, part-time, casual, freelance and contract workers, with the self-employed bracket now making up 15% of the entire working population. The number of self-employed workers jumped from 3.3 million in 2001 to 4.8 million in 2017, with a corresponding fall in the unemployment rate showing the overall boost in jobs growth from the rise in self-employment. However, the attractive market for freelancers and contractors has been hit with some uncertainty in recent times, thanks largely to the 2018 Autumn Budget’s announcement of IR35 tax reforms. Here’s what the new IR35 rules could mean for you and your business:

What is IR35?

IR35 is a piece of legislation originally introduced to the UK in 1999. Its purpose is to differentiate between those workers who operate as genuine contractors and those who work as ‘disguised’ employees to avoid paying tax. It came about to challenge contractors who were taking advantage of the tax efficiencies of working through a limited company, with the aim of defending both the Exchequer from lost taxes and protecting workers’ rights from unscrupulous employees. However, the IR35 has proven to be ambiguous for many, with some contractors taking advantage of loopholes and a lack of clarity. Hence, the new IR35 rules aim to tighten up the contractor market and ensure tax avoidance loopholes are closed.

How does IR35 work?

There are three principles that can help to determine employment status and whether a contractor falls inside or outside IR35:

  • Control (the degree of control the client has over the work a contractor does and how and when they do it)
  • Substitution (whether the worker needs to do the work themselves or if they could send a substitute in their place)
  • Mutuality of obligation (whether the employer is obliged to offer work and the contractor is obliged to accept it).

Additionally, the contract type, provision of equipment and whether a worker is “part and parcel” of a business can all help to determine whether someone falls inside or outside IR35. The change in IR35 rules shifts the responsibility to determine tax status away from the contractor and onto the business that takes them on. Until now, contractors have been able to self-determine their status, however as of April 2020, when the new rules come into effect for the private sector, companies will risk being fined if they don’t make the correct assessment.

How will IR35 impact contract workers?

It’s anticipated that many contract workers who have been enjoying the tax benefits of working outside IR35 will fall under the legislation when employers are tasked with determining their status. This will see more contractors having tax and National Insurance contributions deducted from their pay. However, if you operate as a legitimate small business and are determined to work outside of IR35, you will not be affected by the rule changes.

How will IR35 impact employers?

The major change for businesses is that they will now be responsible for determining the IR35 status of any contractor working for the company. The new rules will only apply to medium and large sized businesses, so contractors who work for small businesses can continue to set their own IR35 statuses. Those businesses that the IR35 rule changes do apply to will face paying back taxes and fines should they be found to be noncompliant.

What should I do to prepare for IR35?

Contractors may wish to speak to an accountant or personal finance expert to determine whether IR35 will impact them and if a move to permanent work may prove to be more beneficial after the rules come into effect. For many, contracting will remain appealing regardless of increased tax responsibilities, however it’s important to factor in any change in income that IR35 may bring about.
Businesses are being warned not to make blanket assessments that cover all their contractors, as this can leave workers without a fair assessment and risk them paying unnecessary taxes without equivalent employment rights. Instead, businesses should consider IR35 status on a case-by-case basis or they may risk losing out on top talent. The HMRC has released a consultation document for businesses to prepare for the IR35 changes, recommending identifying and reviewing current contract workforce status and putting processes in place for taking on new workers. At Marks Sattin, we pride ourselves on keeping abreast of all industry legislation, updates and changes that affect our candidates and clients. Speak with us about how we can help you.

by Pres Pillai

Accountancy and the threat of cybercrime

Technology

11/04/16

In the festive season, with an increased volume of online shopping traffic (this year’s Black Friday and Cyber Monday set a new record for internet retailing), the UK’s vulnerability to online criminals is critical. Cybercrime has gone from being virtually unknown 20 years ago to being identified by the Government as one of the UK’s top national security risks – alongside terrorism. The perpetrators of cybercrime are no longer bedroom dwelling ‘script kiddies’ either, with powerful countries maintaining elite units of hackers. The threat to business is now greater than ever. Research estimates that cybercrime costs large companies in the UK an average of £4.1 million a year, and there are several parts of a company’s operations at risk. In recent years, companies have had funds stolen, products in development spied upon, and their customers’ data compromised.  The latter is a particular risk for organisations given the negative publicity this can cause. TalkTalk recently hit headlines when it reported that the credit card data of thousands of its customers had potentially been compromised, which resulted in a 7% fall in its share price.  The challenge posed by cybercrime is particularly acute for accountants who maintain highly sensitive and sought after client data on their systems, and a breach of financial information could be catastrophic for a firm operating in an industry that is built on trust between client and practitioner. Accountants of all sizes therefore need to make sure they are able to ward off cybercriminals – and have a plan of action ready should things go wrong.    

by Michael Moretti

Cyber crime against financial firms increasing

Technology

11/04/16

The threat cyber crime poses to financial services firms across the globe is becoming more pronounced, according to the latest report on the matter by PwC.  Some 45 per cent of respondents to the organisation's survey had been the victims of some form of economic crime in the past, with 39 per cent having fallen prey to the dangers posed by hackers and other web-based threats. Advances in computing and the growing use of big data analysis means technology is increasingly becoming the main tool utilised in economic theft, the firm suggested. Around half of the businesses that had experienced some form of crime in the response period recorded a jump in the number of incidents recorded as well as the financial cost of such occurrences. The survey took in responses from 1,330 financial services firms across 79 countries, suggesting that this is a global issue rather than one simply confined to trading and business hubs such as London, New York and Tokyo. Money laundering, accounting fraud and corruption remain issues, but cyber crime was the biggest threat driver among all the companies who took part in the report. Andrew Clark, partner in PwC’s forensics practice, said: "The financial services sector was one of the first to be targeted by cyber crime - little wonder, as there have always been significant potential financial gains to be had from subverting computerised processes and corporate controls in banks." The methods adopted by criminals are constantly evolving, meaning banks and other institutions need to take steps to upgrade their protective systems on a regular basis, he added. "It is concerning that 40 per cent of all financial services respondents believe that it is unlikely their organisations will experience cyber crime in the next 24 months. Financial services organisations need to recognise cyber crime as a risk type and establish proper reporting," he concluded.

by Michael Moretti