Information Security Officer
- Posted April 26, 2024
- £65000 - £70000 per annum + + benefits
- Exeter - Fully Remote
- Permanent
Job Title: Information Security Officer
Location: Exeter – Fully Remote
Salary: £65,000 – £70,000 + benefits
Are you an experienced Information Security Officer looking for your next challenge? If so, this could be the ideal opportunity for you. My client, a specialist financial services business with an excellent reputation, is currently investing within their Information/Cyber Security team. As part of this investment, they are looking to hire an Information Security Officer to join the team.
Reporting directly into the CISO you will provide the specialist expertise to maintain and support IT security strategies by managing the overall IT security governance and compliance processes, ensuring that effective IT security controls and processes are being implemented across the business. They are also undergoing a major transformation programme at the moment and the role will be instrumental in supporting the projects by providing project assurance from an information security perspective.
Key responsibilities
- To probe systems and processes to ensure appropriate controls are applied.
- Provide security advice based on best practice to IT or Systems Owners.
- Evaluation and risk assessment of new suppliers, software, systems or technologies.
- Annual security reviews and risk assessment of IT suppliers.
- Perform penetration testing.
- Analyse IT requirements and provide objective advice on best practice IT security.
- Identify and mitigate network vulnerabilities.
- Research/evaluate emerging cyber security threats and ways to manage them.
- Plan and test for disaster recovery, business continuity and create contingency plans for the event of any security breaches.
- Monitor for attacks, intrusions and unusual, unauthorised or illegal activity.
- Identify any gaps in controls on systems eg Active Directory, Intune, AWS, etc.
- Control use of software libraries by developers and ensure vulnerabilities identified are resolved.
- Conduct personalised Security Training for different employee groups.
- Conduct internal audit under CISO supervision.
- Investigate security alerts and provide support for incident response.
- Maintain an information security risk register and assist with internal and external audits relating to information security.
- Assist with the creation, maintenance and delivery of cyber security awareness training for colleagues.
- Review and refine IT security controls to ensure that they are appropriate to mitigate underlying resilience and residual risk.
- To influence and manage IT security development best practices on the codebase for both internal and external development teams.
- To design the security architecture topology, making sure it is part of the Service management framework.
- To oversee all ongoing activities related to the development, implementation, and maintenance of information security policies and procedures by ensuring these policies and procedures encompass the overall security of information at rest or in transit within the systems.
- To ensure vulnerabilities are managed by directing periodic internal/external penetration tests using ethical hacking.
- Upon request of the CISO, to deputise any meetings as necessary to prioritise recommended improvements.
Skills and Experience required
- Proven background within a similar Information Security Officer position.
- Proven background within Information Security using proven methodologies with external resources.
- Information Security certification (CISSP, CEH, CISM, etc)
- A strong knowledge of ISO27001 and Cyber Essentials +
- Systematic problem-solving approach, coupled with a strong sense of ownership and drive.
- The ability to explain the risk of security threats and creating mitigations.
- Experience with securing cloud-based services such as Azure or AWS.
- A good understanding of GDPR standards and practices.
- Excellent written and verbal communications skills as appropriate for the needs of the audience.
For more information or to apply please send a copy of your CV to [email protected]