Lead Information Security Officer - GRC

Title: Lead Information Security Officer - GRC
Contract Type: Permanent
Location: North West England, England
Salary: £45000 - £55000 per annum + remote
REF: AC04564_1597239986
Contact: Alice Crossley
Vacancy published: 2 months ago


We are looking for an experienced Information Security professional to join an expanding InfoSec team to help provide governance & oversight of their information security risk & control environment. You will be joining an expanding team for a reputable, global business.

You must be able to translate risk requirements & constraints of the business into security control requirements, as well as to develop metrics for ongoing performance measurement & reporting.

Key Responsibilities:

  • To work within IT and wider business teams to assess information security risk, to identify opportunities to reduce risk
  • Assist the ISO in the management, maintenance and scope of the ISO 27001 framework
  • Manage the reporting framework to produce quality management information for all levels of audience to ensure that quality & relevant reporting is provided to senior management on a timely basis
  • Maintain the reporting framework to produce quality management information for all levels of audience to ensure that quality reporting is provided to senior management
  • Maintain the information security policy framework, creating a suite of quality policy, standards & guidelines in collaboration with key stakeholders
  • Create, manage and own the information security assurance framework

Key Skills & Experience

  • Experience in an information security role that focuses on Governance, Risk & Compliance
  • Strong analytical skills to analyse security requirements
  • Proven experience & ability to successfully deliver results in accordance with specific deadlines
  • Clear ability to engage with technical and non-technical audiences at various levels
  • Familiarity with relevant UK & international security & privacy regulation & legislation would be advantageous.
  • Proven track record of being able to assess and prioritise business imperatives to ensure the team supports both the IT and the firm's strategic and functional goals
  • Experience of implementing, managing or working with risk management methodologies or common information security management frameworks and standards, such as ISO27001, ISO 31000, CIS, ITIL, COBIT, PCI-DSS or NIST within a regulated environment, performing risk assessments and business impact analysis would be beneficial

This is a great opportunity to work for a business that promotes and pushes progression, to get involved with all aspects of information security and really play a key part in their future moving forward.

Paying up to £55k, this role requires minimal attendance in the office, potentially only a couple of times a month, so location within the UK is flexible.

Please click apply or email for more details