SIRA

East Lothian  ‐ Onsite

Keywords

Computer Security, Information Security Management System, Auditing, Risk Analysis, Management Systems, Certified Information Systems Security Professional, Business Continuity, Business Process Mapping, Corrective and Preventive Action (CAPA), CompTIA Security+, Security Controls, Document Management Systems, Incident Management, IT Risk Management, Information Security Management, ISO/IEC 27001, Maintenance, Measurement and Metrology, Public Service, Stakeholder Management, Threat Modeling, Tooling, Assembly and Dismantling, Building Security, GDPR, Risk Management, Cisco

Description

SIRA - 6 months - Inside IR35 - Hybrid working - Edinburgh/Glasgow

Day Rate - Circa £593

Harvey Nash's public sector client is currently looking to recruit an experienced Security and Information Risk Advisor (SIRA). You will be required to provide expertise to teams for risk identification, analysis, evaluation and treatment, and to develop, operate, maintain and improve the organisation's ISMS.

Main Duties:

Formulate strong relationships between the Information Security and Risk function and business teams:

  • Promote Information Security and Risk Services offered.
  • Provide advice, guidance and facilitation of information security processes
  • Assist stakeholders in understanding and fulfilling their information security roles and responsibilities

Communicate the requirements of Information Security Policies and Standards, to ensure that teams and colleagues are able to comply with those requirements and that protective measures for information assets are adequate.

Deliver sessions and workshops for the identification and analysis of threats to the confidentiality, integrity and availability of information assets, and propose appropriate controls and actions for risk remediation.

Discuss potential opportunities for improvement to information security policies, processes or controls with teams and record the proposed improvements in the ISMS Tooling for management analysis.

Observe instances of Non-Conformance, providing details of findings and the underlying cause of the issue. Use ISMS Tooling to record and prepare reports for the relevant ISMS Domain Sponsor, who will determine corrective action. Liaise with teams on required actions to agree timeframes and allocation of resources.

Undertake internal audit/assurance activities to observe and evaluate ISMS processes and Security Controls, and provide internal stakeholders with reports that outline findings and areas for improvement of compliance.

Contribute towards the development of Information Security and Risk policies, standards and processes, including the maintenance of operating procedures and ensure appropriate ISMS document control is applied.

Support internal stakeholders during independent audits through prior preparation of ISMS artefacts and records to be available upon request by the auditor.

Essential Skills:

  • The candidate will have knowledge including (but not limited to):
    • Identification, assessment and management of risk
    • Security assurance and the measurement of controls
    • Creation of ISMS and IT Security documentation (Policies, Standards, Processes, Procedures and Patterns)
    • Internal and Third-Party Audits
    • Risk and threat modelling
    • Compliance and Assurance Activities
    • Business process analysis and mapping (to determine alignment against agreed industry practice and recognised control frameworks)
  • The candidate will hold the following certifications/qualifications or equivalent:
    • Certificate in Information Security Management Principles
    • Certified Internal Auditor of Management Systems

Desirable Skills & Experience

  • Certified Information Systems Security Professional (CISSP) or equivalent
  • Certified Lead Implementer of Management Systems (including Information Security and Business Continuity)
  • Certified Lead Auditor of Management Systems
  • Certified Security Risk Manager
  • Practitioner Certificate in Information Risk Management
  • Supporting organisations through security certification activities (e.g. ISO/IEC 27001)
  • Building security capability, training and awareness or exercising programmes
  • Designing information security incident management procedures
  • Non-Technical Certifications relevant to IS (including GDPR Practitioner, CLI ISMS, CLA ISMS)
  • Technical Certifications that support information security (ISC2, ISACA, Microsoft, Cisco, CompTIA Security+)

This role has been deemed Outside IR35 by the client. Applicants must hold, or be willing to apply for, a valid standard Disclosure Scotland check.

Start date
ASAP
Duration
6 months
From
Harvey Nash Plc
Published at
31.03.2023
Project ID:
2575170
Contract type
Freelance