Information Security Officer

London  ‐ Onsite
This project has been archived and is not accepting more applications.

Description

Information Security Officer
Central London
Initial 6 month contract - £275 - £300 per day

Opportunity

You will report to the Information Security Manager and be based at the Head Office of this multinational organisation, which supports the core business functions and objectives of the Group with the provision of a broad range of information systems and services. As a result, there is a need to maintain demonstrable information risk assurance and controls on personal data handling and intellectual property assets. As the Information Security Officer (ISO) you will have the following responsibilities:

  • Assisting the development and drafting of the information security policy and standards in line with good practice, the Sony Global Information Security Policy & Standards, and compliance to frameworks which include ISO27002, PCI DSS and others.
  • Conducting security reviews and assessments across all areas of the client business and developing implementable remediation plans to address any findings.
  • Assisting in the maintenance of the information security risk register utilising various risk assessment methodologies (identifying information security risks and risk treatment actions and escalating them through appropriate management channels) and managing appropriate treatment activity.
  • Identifying and investigating information security incidents and coordinating their resolution by liaising with the business.
  • Promoting, developing, and conducting information security training, education and awareness programs to a diverse audience of employees.
  • Assisting in the coordination and implementation of a programme of penetration testing, patch management, vulnerability scanning, and security reviews of the environment based on risk.
  • Coordinating a programme of information security initiatives and business projects, ensuring they are delivered on track and within budget.
  • Providing guidance to the business and IT on information security related matters.
  • Conducting third party assessments ensuring the implementation of third party outsourcing security policies.

Experience Required

  • Extensive, full time experience within information security management which must include versatile and diligent auditing and gap assessments of the following information security disciplines:
    • Security controls of third parties;
    • Information security incident management;
    • Change control;
    • Help desk processes;
    • Software development;
    • Physical security;
    • Business continuity planning; and
    • Data protection.
  • Hands-on experience of managing information security in a FTSE organisation or large multinational.
  • Excellent demonstrable experience of working with relevant industry-leading practice security standards and legislation, e.g. ISO27001, BS2599, PCI Security Standards.
  • Familiarity with formal risk assessment, controls and project management methodologies.
  • Experienced in liaising with auditing organisations such as Lloyds Register Quality Assurance (LRQA) and Global Certification for independent verification.

Qualifications

  • MSc in Information Security Management (or equivalent levels of experience)
  • CISA, CISM, CRISC, ISO27001 Lead Auditor, CiISMP or CISSP would be desirable (this list is not exhaustive)
  • Prince2 Project Management Practitioner

If this position is of interest then please forward your CV in application at your earliest opportunity.

McGregor Boyall is an equal opportunity employer and does not discriminate based on race, religion, gender, age, sexuality, gender identification, or physical ability.

Start date: ASAP
Duration: 6 months
From: McGregor Boyall
Published at: 21.04.2015
Project ID: 888880
Contract type: Freelance