Compliance Officer Hours : part-time, 3 days per week Company : Growing Software Vendor Why : Support the build & maintenance ISO27001 and other policies Location : Greater Reading area office (hybrid, 1 day in the office initially then as and when needed) Do you have 3+ years' experience in a commercial compliance or information security role? Have you been part of maintenance of ISO27001 policies and procedures? Are you a collaborative person that enjoys making a difference? The company are a leading software vendor, experiencing huge growth and with a reputation for being a market leader. They are looking for an experienced Compliance Officer to support the build and completion of ISO27001. You will work closely with C-suite level stakeholders and teams to build and maintain all ISO27001 processes and policies. Once this has been submitted, you will build and support compliance and security initiatives for the business. Responsibilities include: Compliance Officer Support the build and maintenance of ISO27001 policies and procedures and other corporate compliance and information security procedures Support and advise on the identification and management of regulatory compliance risks across the business Help to embed an effective risk and compliance culture across the company Conduct risk identification and impact assessments and coordinate internal reviews and audits Work with stakeholders at all levels of seniority to provide insights, advice and constructive challenge Manage third party relationships Experience Required: Compliance Officer 3+ years experience in a commercial compliance role Experience of ISO27001 policies and procedures Ideally hold industry qualifications i.e. 
ITIL Foundation or above, ISO 27001 Foundation or above, or PCI DSS QSA Experience developing and implementing clear policies, procedures and controls for information security Excellent report writing and presentation skills Clear written and verbal communication skills Collaborative approach to Compliance and Information Security For more information, please contact Katie at Matched. Compliance Manager / Compliance Officer / ISO27001 / Compliance / Information Security / Information Security Officer
Apr 17, 2024
Full time
I'm delighted to be partnering a global Insurance group to appoint a Business Information Security Officer based in London City. This is a rare and exceptional opportunity for a technical "hands on" and strategic InfoSec leader with experience in data protection, third party risk, operational resilience and implementation of security measures. Someone with project management, delivery and expertise in complex regulatory and contractual requirements. Client Details A leading global re/insurance group comprising distinct businesses covering various Insurance and Reinsurance service offerings across a well-established international customer base. This is a highly compelling Insurance brand with a rich history and deep expertise operating across Lloyd's, UK, European and global markets. This role sits within their successful and growing reinsurance business with a syndicate in the Lloyd's of London market supporting a diverse client portfolio with complex re/insurance needs. Description About the role The Business Information Security Officer (BISO) plays a pivotal role in bridging the gap between business objectives, cybersecurity and data protection strategy focusing on excellence in protecting, detecting, resolving, mitigating, recovering and learning from potential security exposures. 
Key Responsibilities Direct, embed Information Security and Data Protection Strategy: Assess and set the strategy to achieve and maintain appropriate infoSec practices, controls, resilience, risk identification and responses across Tech and Data Determine, adopt, embed and assess the infoSec framework and certification appropriate to our organisation and markets considering new laws, standards, NIST, ISO27001, CIS, CQUEST etc) Define and execute the cyber strategy, prioritising short, medium and long-term investment considering resilience and risk factors Work with stakeholders to assess impact of new projects, solutions, partnerships and regulations to security and data protection posture and support implementation Lead and collaborate across the group to ensure uniformity in cybersecurity policies and practices Protect, Detect, Respond, Recover, Improve Management: Lead on horizon scanning for security threats, vulnerabilities and mitigations across the estate and data Lead cyber and Data Protection testing for compliance and vulnerability aligning to operational resilience, continuity management and other reg requirements Ensure security content training initiatives are conducted regularly and communicated effectively Develop standards and assess risks of third-party relationships on posture and data protection, advising and monitoring Leadership and Advocacy: Work with the business to incorporate security-by-design principles into projects, architecture, infrastructure, and applications. Collaborate to establish and embed infoSec and data protection standards, resilience, response and recovery capabilities to improve posture within risk tolerances Profile Looking for a proven and forward-thinking Information Security leader who has demonstrable experience leading on development of cyber security and data protection maturity within global, complex and highly regulated organisations. This role is initially a lead individual contributor role with scope for growth. 
Skills and experience Experience in financial services and preferably Insurance/ Lloyd's market Knowledge of national and global cybersecurity policies, regulations, and frameworks. Expertise in data protection practices, third party assessment and operational resilience Expertise in complex regulatory and contractual requirements and an ability to create effective compliance systems Extensive experience in cybersecurity technology project management and actively promotes and manages security change throughout an organisation Proven working with IT systems, security and governance to align with control frameworks, incident management, operations and application of security best-practices. Familiar with vendor security risk and data protection reviews and controls Understanding the different Certification such as CISSP, CISM, CRISC, or CISA preferred Experience in building response and recovery capabilities. Excellent written and verbal communication skills, with the ability to engage stakeholders at all levels. Strong understanding of business processes and the ability to integrate cybersecurity seamlessly. Job Offer Opportunity to join a leading global re/insurance firm in this Business Information Security Officer Role: Competitive Basic Salary Performance Related Discretionary Bonus Flexible and Rewarding Pension 28 days leave + buy / sell option Hybrid Working in premium London, City office
Apr 16, 2024
Full time
Security Assurance Officer Location: UK Remote Salary: £350 - £450 per day + Excellent Benefits Job Type: 12 month contract (Inside IR35) The Client: Our client, a prominent organisation, collaborates with the NHS to empower researchers in discovering disease causes and developing innovative treatments, with a focus on prioritising patients and participants. The Role: You will enable them to rapidly implement a new and improved approach to third party security and ensure that they have performed adequate third party security assurance of all their existing third parties. You will also help the client mature their approach to third party security assurance and support security assurance of new suppliers. Duties: Third Party Security Assurance. Work with 3rd parties to analyse complex information and be able to question this insightfully Tease out additional information and assess risk, auditing these suppliers and making recommendations based on your findings. Categorising existing suppliers based on criticality, risk, etc. Reviewing security certifications of third parties. Conducting security due-diligence on third parties. Helping establish regular reviews of the security of the client's third parties Requirements: Experience of complex and technical security assessments. Experience conducting third party security assurance. Knowledge of ISO 27001 and other commonly used security standards. Understanding of modern cloud technologies. Desire to be part of a small fast-paced team. Relevant certifications, such as: ISO 27001 Lead Auditor/Implementor, CISM, CISA, CISSP. Apply now for this exceptional opportunity to work with a dynamic team and further enhance your career. Important Information: We endeavour to process your personal data in a fair and transparent manner. In applying for this role, Additional Resources will be acting in your best interest and may contact you in relation to the role, either by email, phone or text message. 
For more information see our Privacy Policy on our website. It is important you are aware of your individual rights and the provisions the company has put in place to protect your data. If you would like further information on the policy or GDPR please contact us. Additional Resources Ltd is an Employment Business and an Employment Agency as defined within The Conduct of Employment Agencies & Employment Businesses Regulations 2003. Key Words: Security Assurance, 3rd party security, third party security, ISO27001, ISO 27001, CISM, CISA, CISSP, Audit
Apr 16, 2024
Full time
Security Assurance Officer Location: UK Remote Salary: £350 - £450 per day + Excellent Benefits Job Type: 12 month contract (Inside IR35) The Client: Our client, a prominent organisation, collaborates with the NHS to empower researchers in discovering disease causes and developing innovative treatments, with a focus on prioritising patients and participants. The Role: You will enable them to rapidly implement a new and improved approach to third party security and ensure that they have performed adequate third party security assurance of all their existing third parties. You will also help the client mature their approach to third party security assurance and support security assurance of new suppliers. Duties: Third Party Security Assurance. Work with 3rd parties to analyse complex information and be able to question this insightfully Tease out additional information and assess risk, auditing these suppliers and making recommendations based on your findings. Categorising existing suppliers based on criticality, risk, etc. Reviewing security certifications of third parties. Conducting security due-diligence on third parties. Helping establish regular reviews of the security of the client's third parties Requirements: Experience of complex and technical security assessments. Experience conducting third party security assurance. Knowledge of ISO 27001 and other commonly used security standards. Understanding of modern cloud technologies. Desire to be part of a small fast-paced team. Relevant certifications, such as: ISO 27001 Lead Auditor/Implementor, CISM, CISA, CISSP. Apply now for this exceptional opportunity to work with a dynamic team and further enhance your career. Important Information: We endeavour to process your personal data in a fair and transparent manner. In applying for this role, Additional Resources will be acting in your best interest and may contact you in relation to the role, either by email, phone or text message.
For more information see our Privacy Policy on our website. It is important you are aware of your individual rights and the provisions the company has put in place to protect your data. If you would like further information on the policy or GDPR please contact us. Additional Resources Ltd is an Employment Business and an Employment Agency as defined within The Conduct of Employment Agencies & Employment Businesses Regulations 2003. Key Words: Security Assurance, 3rd party security, third party security, ISO27001, ISO 27001, CISM, CISA, CISSP, Audit
Apr 16, 2024
Full time
IT Security Officer - NCSC, ISO27001, CIPT, CISSP, CISM, CISA Up to 50k depending on skills and experience. Hybrid - will need to be onsite when required. You need to live within commutable distance of Salisbury and due to the clients location, own transport is essential You must be eligible for SC clearance (lived and worked in UK for the last 5 years minimum) What does the company do: Our client provides infrastructure and support services to the armed forces. What You'll Be Doing: With a strong emphasis on Information Security and compliance, this role is fundamental in ensuring our client complies with its ongoing information security obligations, including but not limited to: MOD Accreditation, ISO27001 and Cyber Essentials Plus. This is a new opportunity which will give you scope to make the role your own and advance your career in the longer term. What You'll Need To Know: Minimum of 3 years of hands-on experience of delivering information security best practice Experience of owning and delivering information security initiatives, including awareness programmes, phishing simulations and training. Experience/understanding of National Cyber Security Centre (NCSC) best practices and guidance Experience of leading and conducting audits (especially ISO27001) is essential in this role. Familiar with principles of good data governance, cyber security and data protection. Ability to work across multiple technical projects simultaneously as required, delivering to deadlines Nice To Have: Experience of working in a MoD restricted environment and familiarity with MoD security standards A recognised information security certification (such as CIPT, CISSP, CISM, CISA, Lead Auditor for ISO27001
What You'll Get - to mention a few: 25 days holiday plus bank holidays Holiday purchase to up to 35 days leave in one year 1-2 volunteering days Pension scheme Life assurance x 4 SmartSourcing are a Disability Confident Employer and we promote, celebrate and value diversity, we are committed to promoting equality and inclusion for all.
Apr 16, 2024
Full time
IT Security Officer - NCSC, ISO27001, CIPT, CISSP, CISM, CISA Up to 50k depending on skills and experience. Hybrid - will need to be onsite when required. You need to live within commutable distance of Salisbury and due to the clients location, own transport is essential You must be eligible for SC clearance (lived and worked in UK for the last 5 years minimum) What does the company do: Our client provides infrastructure and support services to the armed forces. What You'll Be Doing: With a strong emphasis on Information Security and compliance, this role is fundamental in ensuring our client complies with its ongoing information security obligations, including but not limited to: MOD Accreditation, ISO27001 and Cyber Essentials Plus. This is a new opportunity which will give you scope to make the role your own and advance your career in the longer term. What You'll Need To Know: Minimum of 3 years of hands-on experience of delivering information security best practice Experience of owning and delivering information security initiatives, including awareness programmes, phishing simulations and training. Experience/understanding of National Cyber Security Centre (NCSC) best practices and guidance Experience of leading and conducting audits (especially ISO27001) is essential in this role. Familiar with principles of good data governance, cyber security and data protection. 
Ability to work across multiple technical projects simultaneously as required, delivering to deadlines Nice To Have: Experience of working in a MoD restricted environment and familiarity with MoD security standards A recognised information security certification (such as CIPT, CISSP, CISM, CISA, Lead Auditor for ISO27001 What You'll Get - to mention a few: 25 days holiday plus bank holidays Holiday purchase to up to 35 days leave in one year 1-2 volunteering days Pension scheme Life assurance x 4 SmartSourcing are a Disability Confident Employer and we promote, celebrate and value diversity, we are committed to promoting equality and inclusion for all.
Apr 16, 2024
Full time
Cyber Security Officer - NCSC, ISO27001, CIPT, CISSP, CISM, CISA Up to 50k depending on skills and experience Hybrid - will need to be onsite when required (2-3 Days a week). You need to live within commutable distance of Salisbury and due to our client's location, own transport is essential. You must be eligible for SC clearance (lived and worked in the UK for the last 5 years minimum). What does the company do: Our client provides the support services that enable our Armed Forces to prepare for the modern battlefield by maintaining and delivering safe infrastructure and support services that promote sustainable and effective military training. What you will be doing: With a strong emphasis on Information Security and compliance, this role is fundamental in ensuring our client complies with its ongoing information security obligations, including but not limited to: MOD Accreditation, ISO27001 and Cyber Essentials Plus. What you will need to have: Minimum of 5 years' hands-on experience of delivering information security best practice Experience of owning and delivering information security initiatives, including awareness programmes, phishing simulations and training. Experience/understanding of National Cyber Security Centre (NCSC) best practices and guidance Experience of leading and conducting audits (especially ISO27001) is essential in this role. Familiar with principles of good data governance, cyber security and data protection. 
Ability to work across multiple technical projects simultaneously as required, delivering to deadlines Nice To Have: Experience of working in a MoD restricted environment and familiarity with MoD security standards A recognised information security certification (such as CIPT, CISSP, CISM, CISA, Lead Auditor for ISO27001) What you will get, to mention a few: Up to 50k depending upon skills and experience 25 days holiday plus bank holidays Holiday purchase to up to 35 days leave in one year 1-2 volunteering days Pension scheme Life assurance x 4 SmartSourcing are a Disability Confident Employer and we promote, celebrate and value diversity; we are committed to promoting equality and inclusion for all.
Apr 16, 2024
Full time
Location: Remote/2 days per week in West-Midlands Salary: £100,000 - £110,000 + Bonus + Pension + Health + Life Insurance + more Reporting to: CIO Mandate: A pivotal leadership role reporting to the CIO, you will identify and mitigate cyber security risks and embed compliance and industry regulations and lead a small team of cyber and information security SMEs. Expectations: Accountable for Security operations to implement security controls, maintenance of security operations, and cyber crisis management Define and execute a framework of security controls including governance, policy, strategy and risk Collaborate with Data Protection Officer to ensure alignment and compliance between Cyber and Data impacts Facilitating effective Cyber advice and guidance to Transformation and Technology groups Oversee development of current and potential security threats to the organisation Provide threat intelligence to help mitigate vulnerabilities to security incidents Establish clear view of information security risk including policy, strategy and guidelines Drive strong information security culture and adoption across the organisation Inform the business of best practice and rules with cyber and information security processes Skills Required: 10 years of leadership roles in Cyber Security, Information Security, Risk Management and Data Security Certified CISSP, CISM, SSCP, CompTIA Security+ Information Security Frameworks including ISO, IEC 27001 and NIST Experience with security tools, technology and SOC Proven track record of establishing and influencing Information Security frameworks for enterprise organisations Significant experience of effectively influencing and collaborating with enterprise wide stakeholders and vendors Advocate for industry best practice standards, compliance and security standards Track record of contract and vendor negotiations Degree in Cyber Security or Information Security If you are looking for an opportunity to step up into a Head of Cyber 
Security leading a small team of security experts this could be a great opportunity for you.
Apr 15, 2024
Full time
Data Protection & Information Security Manager As a purpose-driven organisation, we're all about the 'why'. Babington is committed to developing better futures: for individuals, organisations, and society. For us that means developing skills and creating opportunity for individuals and organisations to perform at their very best. We are looking for a Data Protection & Information Security Manager who can join our Business Enablement department and work at a fast pace, overseeing all data protection and information security governance. If you have knowledge and experience with Data Protection & Information Security and the determination to be part of our journey of Developing Better Futures, then we want to hear from you! Summary of role You will be responsible for the safeguarding of personal and sensitive information handled by Babington. Devising, Implementing and Managing an Information Security Management System (ISMS) across the company, along with conducting the duties of the Data Protection Officer for the business. Brief summary of principal accountabilities Develop and maintain comprehensive Data Protection and Information Security Policies, Procedures, and guidelines. Ensure a robust and compliant strategy is in place to manage physical security - CCTV, Access Control Introduction of process, policy, and procedures to minimise unstructured data exposure risks. Ensure a robust and compliant strategy is developed and implemented to manage Data Retention and Records Management throughout the business. Monitor changes in legislation and accreditation standards that affect information security and data protection and recommend any relevant change requirements to the organisation's policies, procedures, and ways of working. Lead on the management and investigation of Data Breaches, ensuring any lessons learnt are fed back to the appropriate Senior Executive Board member(s). 
Advise on, and monitor the business's Data Protection Impact Assessments (DPIAs) Develop and deliver training programs to raise awareness about data protection and information security among employees. Foster a culture of security consciousness throughout the organisation. Collaborate with procurement to ensure contractual agreements include appropriate security provisions. Review and where deemed appropriate, implement/ assist in the introduction of security applications and features as required. Brief person specification Qualifications (E - Essential; D - Desirable) Grade A-C GCSE in English and Maths or equivalent ( E ) ISO27001 Lead Implementer ( D ) ISO27001 Lead Auditor ( D ) Certified Data Protection Officer (CDPO) ( E ) Certified Information Privacy Professional (CIPP/E) ( D ) Skills and experience Experience in engaging with a range of stakeholders to deliver advice and guidance and raise awareness Experience in managing data protection processes, including responding to Subject Access Requests, Right to Erasure, Incident Management and Breach Reporting Proven experience dealing with outsourced third-party suppliers Significant demonstrable experience in a similar position and size company Ability to analyse key data, management information, systems and processes Ability to deliver to agreed targets. Ability to establish and maintain rapport with a wide variety of people. Ability to manage critical priorities effectively to ensure deadlines are met. Babington Benefits Babington Engage Bupa Healthcare - Cash plan 25 Days annual leave plus Bank holidays Additional annual leave purchase scheme Employer Pension contribution We'll be conducting interviews on a continuous basis and reserve the right to take down the advert when we have found the right candidate. Babington is committed to safeguarding and promoting the welfare of all learners and employees associated with our business. 
We, therefore, expect all employees to share this commitment and demonstrate our values within all aspects of their work. All offers of employment are subject to relevant vetting checks, including successful completion of an appropriate check through the Disclosure & Barring Service. We are innovators in Education so why not apply now and join us in Developing Better Futures!
Apr 15, 2024
Full time
Information Assurance Officer - 12 Month FTC - Birmingham - £60k - Legal ISO27001 Cyber Essentials Compliance Risk Assessments Documentation Policies Salary: £60,000 Location: Birmingham Are you an Information Assurance professional, looking for a new challenge in your career? Do you have demonstrable experience of working with Information Security Management Systems and Security Programmes? Have you previously worked in line with ISO27001:2022 standards? Interested in working for an innovative and award-winning company who support the development of your career? If so, I have a fantastic opportunity for you! I'm looking to speak with individuals who are comfortable producing and developing policies and documents to enforce security requirements. You will have the ability to facilitate the requirements for external audits. You must be comfortable liaising with both internal and external stakeholders and capable of driving compliance capabilities. Key Responsibilities Assist with the design, development and operation of the company's Integrated Information Security Management System and Security Programme in line with ISO27001:22 Work with your immediate team and the wider business on compliance projects Produce policies and documentation to apply security requirements Collaborate with internal and external stakeholders to drive compliance capabilities Carry out the necessary work to help achieve Cyber Essentials Plus accreditation Maintain, review and update security policies, procedures and guidelines Support the organisation with complex security queries and risk assessments The Ideal Candidate ISO27001 Implementer certified CISM, CISA, CRISC certified or another relevant professional certification Can work well under pressure and prioritise workloads to meet deadlines Capable of working without supervision Excellent attention to detail with a logical and methodical approach to tasks Strong written and verbal communication skills Desired experience with: ISO27001 
Cyber Essentials Plus UK GDPR processes Risk Management Accreditation demands Defence in depth If you would like to be considered for this role, apply below or get in contact with Andrew Rose for further details. Xpertise are acting as an employment agency and business
Apr 15, 2024
Full time
CISO - Chief Information Security Officer Key words - PCI DSS, SOC2, NIST, ISO, CISSP This is a brand new and greenfield role for a CISO - Chief Information Security Officer to join a global multi-billion-pound turnover business. The role of CISO - Chief Information Security Officer involves overseeing security measures across the business. You'll handle everything related to security within your designated area, documenting and raising any potential risks; you'll work on enforcing security measures and boosting their overall security stance. You'll play a key role in helping senior management set up security protocols, ensure everyone follows them, and adopt the best security practices and processes. You'll also weigh up the costs and benefits of different security solutions to meet both current and future needs. You'll manage the lifecycle of vulnerabilities and keep all security policies, standards, and procedures up to date to make sure they meet all legal and contractual requirements. And, as part of the gig, you'll annually acknowledge your security responsibilities and commit to keeping sensitive information safe. Supervise and offer direction regarding the strategic course and security measures of the company's system and networking infrastructure. We are looking for a person with managerial experience, as you'll be responsible for a small team and their workload, and ideally have exposure to: PCI DSS, SOC2, NIST and ISO 27001. CISSP would also be preferred. The role is hybrid and the candidate can be based pretty much anywhere in the UK as they have a number of offices from Scotland down to London. For further, more detailed information, please press apply now or drop me a message. CISO - Chief Information Security Officer - PCI DSS, SOC2, NIST, ISO, CISSP Circle Recruitment is acting as an Employment Agency in relation to this vacancy. Earn yourself a referral bonus if you refer somebody else who fills the role! 
We also offer an iPad if you refer a new client to us and we recruit for them. Follow us on Facebook - Circle Recruitment , Twitter and LinkedIn - Circle Recruitment.
Apr 13, 2024
Full time
Lloyd Recruitment Services Ltd
East Grinstead, Sussex
Lloyd Recruitment Services is excited to work with a leading organisation in search of a Data Security Compliance Officer to join their team. This is a great opportunity where you'll be a key player in ensuring data protection and security compliance across the business. What's in it for you? £47k - £50k 12-month fixed term contract Based in East Grinstead Hybrid working 25 days holiday plus bank holidays on top Company pension Discounts across 100s of retailers Private health scheme Discounted gym membership Purpose of Job: Join a small, friendly Data Security Compliance Team and play a vital role in maintaining data protection and security compliance activities. Managing end-to-end processes for data subject requests under the UK GDPR Improving internal documentation and communications for efficient request processing Collaborating on the development of tools related to data subject requests Conducting reviews of Data Protection Impact Assessments (DPIAs) and Legitimate Interest Assessments (LIAs) Assisting in the refresh and communication of the company's Data Security Policy set Developing training materials and contributing to awareness campaigns Supporting the DPO in emphasising the importance of data security compliance Essential Skills: Strong knowledge and understanding of current and upcoming UK data protection law, e.g. 
UK GDPR, Data Protection Act 2018, Privacy and Electronic Communication Regulations (PECR) and familiarity with guidance published by the Information Commissioner's Office Extensive experience of fulfilling data subject requests made under the UK GDPR Experience of working in a team where providing guidance and advice about UK data protection law is a key and primary focus First rate planning and organisation skills with the ability to manage conflicting priorities while meeting tight deadlines Clear and accurate written and communication skills Confident IT skills Desirable Skills: One or more recognised data protection and/or information security qualifications, e.g. UK GDPR Foundation and/or Practitioner, CIPP/E, CIPM, CISSP, CISM Hands-on experience within Google Workspace Strong experience of using Gmail and Google Drive in Google Workspace but with some experience of using Microsoft Outlook and other Microsoft Office software Awareness of information security best practice, e.g. ISO 27001, Cyber Essentials, COBIT Awareness of payment card industry standards and requirements, i.e. Payment Card Data Security Standard (PCI DSS) Ability to work with minimum supervision, as well as collaboratively and flexibly with others to achieve team objectives Unfortunately, due to high numbers of applications, we are only able to respond to shortlisted applicants. By applying for this vacancy, you accept Lloyd Recruitment Services Privacy and GDPR Policy which can be found on our website and therefore gives us consent to contact you. Lloyd Recruitment Services are acting as a recruitment agency in relation to this vacancy and are an equal opportunities employer.
Apr 12, 2024
Full time
Information Assurance Officer - 12 Month FTC - Birmingham - £60k - Legal ISO27001 Cyber Essentials Compliance Risk Assessments Documentation Policies Salary: £60,000 Location: Birmingham Are you an Information Assurance professional, looking for a new challenge in your career? Do you have demonstrable experience of working with Information Security Management Systems and Security Programmes? Have you previously worked in line with ISO27001:2022 standards? Interested in working for an innovative and award-winning company who support the development of your career? If so, I have a fantastic opportunity for you! I'm looking to speak with individuals who are comfortable producing and developing policies and documents to enforce security requirements. You will have the ability to facilitate the requirements for external audits. You must be comfortable liaising with both internal and external stakeholders and capable of driving compliance capabilities. Key Responsibilities Assist with the design, development and operation of the company's Integrated Information Security Management System and Security Programme in line with ISO27001:22 Work with your immediate team and the wider business on compliance projects Produce policies and documentation to apply security requirements Collaborate with internal and external stakeholders to drive compliance capabilities Carry out the necessary work to help achieve Cyber Essentials Plus accreditation Maintain, review and update security policies, procedures and guidelines Support the organisation with complex security queries and risk assessments The Ideal Candidate ISO27001 Implementer certified CISM, CISA, CRISC certified or another relevant professional certification Can work well under pressure and prioritise workloads to meet deadlines Capable of working without supervision Excellent attention to detail with a logical and methodical approach to tasks Strong written and verbal communication skills Desired experience with: ISO27001 
Cyber Essentials Plus UK GDPR processes Risk Management Accreditation demands Defence in depth If you would like to be considered for this role, apply below or get in contact with Andrew Rose for further details. Xpertise are acting as an employment agency and business
Apr 11, 2024
Full time
At Mazars we have multiple opportunities for you, with exciting career paths that will lead to progression within the firm. A diverse prestigious client list that can offer lifelong professional development with the opportunity to constantly update and grow your skills. "Mine, Yours, Ours, That's Mazars & me!" Are you looking to make an impact leading and driving an enterprise architecture team in a cloud native, modern and forward-looking function? Are you looking to grow our business as if it was your own? And are you looking for open, engaged, and collaborative teams? Within that, our architecture function is fundamental to enabling our firm to succeed. Working with a team of experts and innovative business partners and technology, they will work with the project team, stakeholders, and technical subject matter experts to lead the strategic planning and delivery of technology systems and solutions that are aligned with the firm's business strategy. As the main technology oversight for new solutions, you will work with operations resources and project delivery teams to identify and mitigate risks and issues to ensure that the target architecture is aligned to the firm's technology roadmap. This critical business role will lead the strategic planning and delivery of technology solutions to the firm, ensuring that considerations such as enterprise risk and commercial best practice are understood and that we are at the forefront of industry best practice. Reporting to the Chief Technology Officer, this role is a key part of the IT Leadership team and will help shape the next stage of maturity as the function grows and develops. This includes recruiting and developing a team and supporting key transformation programmes. 
Key areas of responsibility: The architecture function is responsible for the design and operating model of new solutions across elements including application design, data, infrastructure, networking, and end points and needs to incorporate appropriate oversight to factors including performance, scale, resilience, security, and cost. In professional services there are several major applications used across the business and having clear, defined roadmaps for these IT services is fundamental to ensuring that our services are well maintained and continue to evolve to deliver business value. The role will include KPI and risk reporting to inform key stakeholders such as the Executive board, clients, internal audit, and external regulators. They will ensure that high quality representation is provided including to internal and external auditors, including ISO27001. They will lead the refresh and establishment of professional architecture governance framework, aligned to best practice industry standards. They will engage positively with global IT transformation programmes and structures to align and support our ambitions to have greater alignment and integration on an international basis. They will have track record of, with a successful roadmap of improvement, including examples of managing vendors and stakeholders, improving customer experience, and developing maturity in process and technology. Leading, recruiting and developing teams both in the current and future state is critical in this role. They will have oversight of an initial team of 4 individuals, two in role, one already recruited and one to be recruited, forming the architecture function. They will also be responsible to engage and oversee key third-party relationships and engage with the procurement function to ensure thorough due diligence for suppliers from an architectural best practice perspective. 
They will have a solid understanding of commercials and licensing agreements to ensure these meet the needs of the business and provide value for money. As a key member of the IT Leadership Team, they will work closely with their peers under the direction of the Chief Technology Officer. Mazars and Me We want everyone to be rewarded and enriched by their professional life. So we come together to pioneer new ways of working; promoting psychological safety, flexibility with how you work - trusting you to make the right choices for the team, clients and the business - and balance in stimulating modern workspaces. We offer core benefits and then give people the opportunity to tailor extra benefits to suit their individual needs. Being inclusive is core to our culture at Mazars; we want to ensure everyone, whether in the recruitment process or beyond is fully supported to be their unique self and provided with a level playing field. To read more about our approach, click here
Apr 11, 2024
Full time
Robert Half Technology are pleased to be partnering with an expanding company in Oxford to recruit an Information Security Officer. This is a permanent role paying up to £55,000 with hybrid working, looking for someone who can be the Subject Matter Expert in all things related to ISO27001 and security governance. Key responsibilities include: Acting as lead for all governance and compliance standards (ISO27001, Cyber Essentials, SOX etc) Design and lead audits, creating and continuously developing new policies to enhance the compliance programme Provide wider GRC support to other departments in the business Collaborate with stakeholders across multiple departments to champion the relevant changes to policies and compliance standards About you: Previous experience in a GRC officer role Strong understanding of Compliance Frameworks such as ISO27001, SOX, Cyber Essentials, NIST, SOC 2, GDPR, PCI DSS Strong stakeholder management skills Ability to influence change On offer: Salary on offer is up to £55,000 Hybrid working (3 days in Oxford, 2 days WFH) 25 days annual leave plus bank holidays Pension contribution Robert Half Ltd acts as an employment business for temporary positions and an employment agency for permanent positions. Robert Half is committed to equal opportunity and diversity. Suitable candidates with equivalent qualifications and more or less experience can apply. Rates of pay and salary ranges are dependent upon your experience, qualifications and training. If you wish to apply, please read our Privacy Notice describing how we may process, disclose and store your personal data: gb/en/privacy-notice Security alert: scammers are currently targeting jobseekers. Robert Half do not ask candidates for a fee or request candidates to send applications through instant messaging services such as WhatsApp or Telegram. Learn how to protect yourself by visiting our website: gb/en/how-spot-recruitment-scams-and-protect-yourself
Apr 10, 2024
Full time
CIO, Chief Information Officer - Smart and Award winning IT/Technology company, soon to be leaders in their fields. South East England, CIO will be responsible for monitoring and adapting the technical environment to establish required security standards, in line with business requirements and customer expectation. This is a highly technical role working within the CISO function. As CIO, Chief Information Officer, you will be responsible for: Analysing security environments across the business to identify improvements and ensuring completion of improvement projects to an agreed timetable. Co-ordinating quarterly Infrastructure Reviews across the global estate by conducting assessments of the Platforms and Corporate systems. Composing reports which make recommendations to the CISO to minimise identified risks and obtain an agreed timetable for remediation. Working closely with the CISO and Quality Compliance Executive to provide assurance that policies and procedures for Information Security are effective and adhered to. Performing or supervising internal audits and using the results to proactively suggest updates to policies and procedures. Liaising with external security agencies. Keeping up to date with security trends, threats and control measures. Contributing to the Group Risk Register and carrying out assigned actions to mitigate identified risks. Providing high quality IT Security guidance documentation and training to the internal technology teams (IT, Operations and Applications). Acting as a strategic and tactical partner in the operational and technical development of the Security Operations Centre. Ensuring relevant policies, processes and procedures are up to date and uploaded onto the Business Management System in accordance with internal processes. Providing training and awareness on policies, processes and procedures in line with the CISO. 
Taking responsibility for the information security aspects as input into the continued achievement of ISO27001, ISO 22301, ISO 9001, PCIDSS, and Cyber Essentials. Responsibility includes the implementation of recommendations, driving external and internal audit requirements/outputs through the Information Security area. Taking charge of monitoring security policies across CLIENT's global offices to ensure they are maintained. Working closely with the Compliance team to ensure information security requirements are available for external audits. As required, providing further support to the CISO with other projects and tasks. The successful candidate will demonstrate: Substantial experience in IT/Project Management within the Security sector. (5+ years) A Bachelor's degree in a relevant subject. Proven experience in a Senior Security role. The ability to manage and motivate others. Past experience working with confidential and sensitive material. Experience in CCaaS or cloud technology is desired. Excellent interpersonal, communication and organisational skills. Job Types: Permanent, Full-time CIO, Chief Information Officer
Apr 10, 2024
Full time
Job Title: Information Security Risk and Governance Officer Contract: Permanent - (Flexible working options available) Salary Range: £41,600 - £62,400 Location: Eastleigh - Hybrid Information Security Risk and Governance Officer: Are you passionate about safeguarding the future and mitigating risks? Do you possess a deep understanding of governance frameworks and excel at developing robust risk management strategies? If so, we have an exciting opportunity for you to join our team at Ageas. The role of the Information Security Risk and Governance Officer is to support the day-to-day activities of the Education, Capability and Governance (ECG) Team and Manager implementing security initiatives and governance processes that will protect customer, employee and company information from security risks and to ensure that the information security risk to the business is managed to an acceptable level. Main Responsibilities: Lead and support ISO27001 Implementation with the support from team members Lead the creation, development and adoption of policies and standards within an organisation Provide interpretation of the Information Security standards to support complex decisions or those which set new precedent. Manage on the information security management framework and supporting risk framework and exception process Support the ECG Manager in developing and delivering the information security strategy and yearly plan Support the ECG Manager in developing and delivering information security reporting processes and formats Create and Implement procedures as necessary to comply with the Group security policy Act as a Liaison where required to the Group, other Operating Countries and external bodies Maintain the Information Security's service catalogue Support the business monitoring and governance of adherence with the organization's information security policies and procedures. 
Support the production of management information, metrics and trends for Information Security Monitor and respond to changes in legislation, accreditation standards and frameworks that affect information security including reporting on how these may impact Ageas Assist in Information Security incidents as required, and where necessary, support Compliance and HR investigations into data breaches or systems misuse. Proactively share good practice and expertise with colleagues. Adapt communication style to suit audience, developing effective mechanisms to disseminate information to colleagues. Knowledge, skills and experience: ESSENTIAL SKILLS - ISO27001 Implementation Demonstrable ability to design compliance frameworks, develop policies, procedures and assurance activities Experience working at similar work level for a minimum of five years in Information Security or a related subject area. Strong communication skills both verbally and in writing with good questioning and listening skills in order to identify customer requirements, whilst informing staff of progress and results by use of meetings and presentations. Ability to explain complex IT concepts to all levels of customer. Experience of a related business environment A sound understanding and practical experience of Information Security processes, policies and tools. Proficient in Microsoft Office applications DESIRABLE SKILLS - Background in CISM, CISSP, knowledge of Data Protection / GDPR, Information Security Forum, CiiSec Understanding of information security controls in particular those relating to business process, governance, risk and education Understanding how policies and standards impact operations and balancing security needs with operational reality. Some of the benefits you can enjoy: At Ageas we offer a wide range of benefits to support you and your family inside and outside of work, which helped us achieve, Top Employer status in the UK. 
Flexible Working - Smart gives employees flexibility around location (as long as it's within the UK) and, for many of our roles, flexibility within the working day to manage other commitments, such as school drop offs etc. We also offer all our vacancies part-time/job-shares. We also offer a minimum of 35 days holiday (inc. bank holidays) and you can buy and sell days. Supporting your Health - Dental Insurance, Health Cash Plan, Health Screening, Will Writing, Voluntary Critical Illness, Mental Health First Aiders. Supporting your Wealth - Annual Bonus Schemes, Annual Salary Reviews, Competitive Pension, Employee Savings, Employee Loans. Benefits for Them - Partner Life Assurance and Critical Illness cover Get some Tech - Deals on various gadgets including Wearables, Tablets and Laptops. Supporting you back to work - Return to work programme after maternity leave About Ageas: We're one of the largest car and home insurers in the UK. Our people help Ageas to be a thriving, creative and innovative place to work, which is echoed in the service we provide to over four million customers. As an inclusive employer, we encourage anyone to apply. We're a signatory of the Race at Work Charter and Women in Finance Charter, a Stonewall diversity champion and a Disability Confident Employer (which means interviews are guaranteed for applicants with a disability who meet the minimum role criteria). For more information please see Ageas Everyone. Our aim is to have great people everywhere in our business and we're always looking for outstanding people to join us. To find out more about Ageas, see About Us.
Apr 08, 2024
Full time
To support the Chief Information Security Officer in managing and reporting the Information Security Risks faced by Technology Services (TS) in delivering AJ Bell's systems and services. This role is responsible for facilitating the secure delivery of AJ Bell's technology and business change. The Security Architect will join a team of architects and play a lead role in designing and implementing security controls and processes. Key to this is assisting and supporting our colleagues in achieving their goals, but in a secure manner. This is a hybrid role with occasional travel to our Manchester Head Office.

The key responsibilities of the role are:
• Subject matter expertise for security best practice, ensuring the maintenance of the confidentiality, integrity and availability of AJ Bell's systems and data.
• Design and implementation of enterprise security technology controls and platforms, following industry best practices.
• Supporting and advising on projects and change initiatives to ensure that there is no negative impact on our security posture
• Carrying out internal security reviews both on solutions we develop in house and third-party solutions.
• Supporting audit and due diligence activities within Technology Services
• Working with Information Security, Infrastructure and Architecture to define security standards.
• Acts as an integration point between the CISO and AJ Bell business and technology teams to ensure security is embedded across the organisation

Essential experience, knowledge and skills:
• Demonstrable experience of implementing enterprise security platforms
• Previous experience of delivering and maintaining technical enterprise security solutions for (but not limited to) the following areas: End Point Protection, Cloud Security, Network Security, DevOps, Security Monitoring & Remediation is advantageous.
• Knowledge of Secure Software Development Life Cycle best practices
• Strong understanding and knowledge of Information Security risk management tools and techniques
• Experience of security governance and compliance, ideally gained in financial services organisations
• Demonstrable understanding of Information Security control standards and frameworks e.g. ISO27001, NIST, PCI DSS
• Awareness and understanding of the Information Security threat landscape
• Deep understanding of Information Security solutions and controls
• Experience of Cloud security solutions and standards is highly advantageous

Knowledge & Skills
• Excellent communicator, able to translate complex topics to all areas of the business
• Significant experience in the area of Information security
• Strong knowledge of core IT and networking concepts
• Well versed in IT security capabilities, framework and concepts
• Strong ownership of tasks, attention to detail and following through to conclusion
• Ability to challenge approach, strategy and implementation to ensure Information Security is consistently considered and improved
• Ability to work under own initiative to plan and communicate effectively with colleagues and customers
• Structured, self-starting, flexible and enjoy working in fast-paced environments
• Effective communication skills, both written and verbal
• Ability to plan, organise and follow through on assigned tasks and complete with little or no prompting from management
• Excellent attention to detail
• Attained CISSP or similar certification
• Minimum of 5 years' experience in an Information Security role gained in a financial services or e-commerce environment is preferred

About Us:

AJ Bell is one of the fastest-growing investment platform businesses in the UK offering an award-winning range of solutions that caters for everyone, from professional financial advisers, to DIY investors with little to no experience.

We have 480.000 customers using our award-winning platform propositions to manage assets totalling more than £75.1 billion. Our customers trust us with their investments, and by continuously striving to make investing easier, we aim to help even more people take control of their financial futures.

Having listed on the Main Market of the London Stock Exchange in December 2018, AJ Bell is now a FTSE 250 company.

Headquartered in Manchester with offices in central London and Bristol, we now have over 1100 employees and have been named one of the UK's 'Best 100 Companies to Work For' for five consecutive years.

There are opportunities for growth and professional development for employees wanting to progress within their career including induction training and our study support scheme which is part of our benefits package. There is an active programme of social events throughout the year, which are open to all employees.

What we offer:
• Generous holiday allowance increasing up to 30 days with service, plus bank holidays
• Company Health cash plan
• Holiday buy/sell scheme
• Hybrid working policy
• Casual dress code
• Discretionary bonus
• Contributory pension scheme
• Dedicated time for proof-of-concepts and assessing new tech
• Support to attend conferences, events, and meet-ups
• Buy as you earn share scheme
• Free share scheme
• Paid study support for qualifications
• Maternity/paternity scheme
• Bike loan
• Season ticket loan portal
• Discounted PMI and Dental
• On-site gym and personal trainer led classes
• Paid volunteering opportunities
• Free social events and more

AJ Bell is committed to providing an environment of mutual respect where equal employment opportunities are available to all applicants and all employees are empowered to bring their whole self to work.

We do not discriminate on the basis of race, sex, gender identity, sexual orientation, age, pregnancy, religion, physical and mental disability, marital status and any other characteristics protected by the Equality Act 2010. All decisions to hire are based on qualifications, merit and business need.
Aug 13, 2023
Full time
Information Security Assurance Manager

The Security Industry Authority, the regulatory body of the private security industry and part of the Home Office, require an Information Security Assurance Manager to join them for an initial 2-year fixed term contract.

This is an exciting opportunity to join an expanding Government Department who can offer continued career growth and development, a flexible, supportive and secure working environment and excellent benefits including 27.5 days holiday (rising to 32.5) and enrolment to the Civil Service Pensions Scheme (27-30% employer contribution).

Job Purpose

You will provide dedicated information risk and accreditation management and information systems control expertise to the SIA and its service delivery partners. You will provide 2nd line information security assurance, making recommendations and providing advice, guidance and monitoring of the SIA systems information exchange processes and systems data holdings. You will provide expert advice and guidance on the implementation of HMG SPF controls and policies. You will support the Head of Risk and Assurance in creating and maintaining the Project Assurance Framework.

Responsibilities

*To lead and develop the Information Security Assurance Officer and champion, support and embed independent and robust information security assurance processes.
*Advise on all aspects of information assurance management and to assist senior management in maturing our Information Assurance management arrangements.
*Manage and advise on the organisation's Information Assurance budget allocation ensuring value for money requirements are met.
*Ensure the SIA remains compliant with the minimum mandatory measures of the Security Policy Framework (SPF) and associated HMG Information Security Standards.
*Keep abreast of developments and changes in government and industry information assurance policies and practices with a specific emphasis on Protecting Personal Data and Managing Information Risk.
*Assist department/division managers and our contracted services providers to remain proactive in assessing and minimizing information security risks and business impacts arising from information processing and ICT services and systems threats and vulnerabilities.
*Undertake risk and privacy impact assessments together with department/division managers and appointed security consultants and services providers.
*Monitor the effectiveness of our security policies and practices covering physical, procedural and technical controls providing 2nd line assurance.

Relevant Knowledge, Skills and Experience

Essential

*Proven experience in a services delivery organisation (public or private sector) in a similar role
*A strong working knowledge of managing information security risks, producing risk assessments and other Information risk management documentation.
*Proven ability to assess information systems processes and ICT services and systems threats, vulnerabilities, and risks.
*Proven ability to write reports and deliver presentations on information risk management, systems process control, ICT security.
*Proven ability to author information security policies and procedures.
*Experience of managing budgets.
*Experience of managing a team of technical specialists.
*Works and communicates effectively and fluently with managers and staff - able to explain complex technical issues in terms that non-technical managers and staff will understand.
*Able to meet deadlines, prioritise and organise a busy schedule of work.
*Ability to work on own initiative as well as member of a team and as an effective customer service focused deliverer.
*Flexible, confident and persuasive, able to influence decision makers.
*Candidates must be able to demonstrate a level of awareness of equality and diversity issues appropriate to this role.

Desirable

*Industry recognised qualifications relevant to information risk and security management (examples are CISSP, CLAS, CISM, CISA, ISO27001 Auditing).
*Experience of ICT security management, planning, implementation, and monitoring.
*Understanding of ITIL service processes and management relevant to information security.

To be successful, applicants must have a valid right to work in the UK and be eligible to apply for Security Clearance.

Badenoch + Clark acts as an employment agency for permanent recruitment and an employment business for the supply of temporary workers. Badenoch + Clark UK is an Equal Opportunities Employer. By applying for this role your details will be submitted to Badenoch + Clark. Our Candidate Privacy Information Statement explains how we will use your information - please copy and paste the following link into your browser: https://en-gb/candidate-privacy
Feb 04, 2022
Full time