Description
Information Security Officer - CISP - PCI DSS - ISO 27001
Overview
A fantastic opportunity has arisen for multiple Business Information Security Officers.
As Business Information Security Officer you will be a part of a team, helping the business improve its information security posture with respect to delivering products and services to clients and consumers. You will be responsible for performing risk and control and compliance assessments.
This is a great next step for someone in an Information Security role looking to take their career to the next level in a senior Information Security role. The role is based in Nottingham.
Key responsibilities
Implement the Information Security Policy and Standards across business unit(s)
Ensure that appropriate visibility of non-compliance is raised through the corporate issues and risk processes
Proactively identify information security deficiencies or opportunities for improvement and facilitate development of pragmatic solutions
Provide escalation path for information security issues, incidents and enquiries
Engage with clients and customers as needed to help the business achieve its objectives with pre- and post-sales activities (e.g. explain our security program, support external audits, support bids/RFP process, etc.)
Support Information Security Assessments for third parties
Provide regular, timely reporting on the information security status across the supported business units
Performing information security reviews and control compliance assessments
Reviewing BU processes and products for policy violation/non-compliance areas
Performing acquisition due diligence for Information Security risks and control deployment
Be a part of the business unit team and act in a consultative way to help business improve its security posture and adhere to security policies and expected controls
Ensuring new products/services, applications, new third party or client relationships, etc. have appropriate security controls embedded and that the risks are appropriately addressed
Participate in BU related conferences or client facing engagements and present as needed
Assist business in managing and preventing future incidents and providing incident coordinator services as needed
Job requirements and qualifications
A solid background providing Security solutions from a Security risk and governance
Excellent communication/presentation skills including the ability to translate technical/security issues to business users
Ability to communicate to and influence senior management
Excellent Leadership skills with ability to independently lead virtual teams to deliver results
Self-motivated, willingness to take on challenges and adaptability to change and manage changing priorities
Process Driven and an eye for detail
Organizational and Planning skills including a working knowledge of project management techniques (eg PRINCE 2)
A sound understanding of security best practice and international standards such as ISO2700 and PCI DSS
Good understanding of software development processes particularly in relation to secure development
Good understanding of key network and technical security controls
Security Training and Awareness and Security Incident Management knowledge and experience
Ability to demonstrate security skills via a recognised Information Security qualification (eg CISA, CISM or CISSP and/or ISO 27001 Lead Auditor Certification)
Demonstrable experience of driving operational implementation of policies and processes across business units, using influencing and security skills
Demonstrable experience of working within regulated environments
Knowledge and experience of Information Security Risk and Security governance. Understanding of risks in the banking/financial services sector will be an added advantage
If you match these requirements, please apply in the normal way. Elevate will send you an email; please open, click and action that email, and your application will be visible to the hiring organisation directly.