Senior Information Security Specialist
Location: Flexible location with some travel to other sites
Salary £50k - £55k
This is an extremely exciting opportunity for an experienced Information Security professional with a background in implementing and consulting on ISO27001 who would now like to progress their skills by being involved in and overseeing SOC2 compliance. You will be joining an established Information Security team within the Group Risk and Assurance function, providing subject matter expertise and support across the Group. This role will have exposure to achieving SOC2 compliance and is the perfect opportunity to add that experience to your skill set.
Our ideal candidate is an all-round Information Security professional with solid experience implementing Information Security Management Systems mapped to ISO27001 or another relevant security framework. You should be able to demonstrate a solid understanding of information security controls and risk management, and experience working within projects. You do not have to have direct SOC2 experience, but a good understanding is key.
• SOC2 compliance delivery and security project lead as part of a project team
• Provide consultancy to delivery partners
• Support on required certifications - ISO27001 and Cyber Essentials Plus
• Support the business and delivery partners to recommend and support the implementation of controls to meet SOC2 criteria.
• Subject Matter Expert relating to Security Risk as part of the project team.
• Develop and improve security policies, procedures, security standards and guidance documents.
Skills and Experience
• Substantial experience of implementing measures to meet Information Security standards, e.g. ISO27001 and Cyber Essentials Plus.
• Experience of providing Information Security subject matter expertise as a point of contact for the business.
• Solid understanding of SOC2 and the requirements for compliance.
• Implementation of ISO 27001.
• Highly experienced in Risk Management methodologies and risk-based techniques
• Experience of planning, managing and following up all assurance assessments undertaken with a clear trail of actions completed.
• Demonstrable ability to work with senior managers and have personal impact with operational management teams.
• Very good knowledge of IT systems and ability to understand the risks and controls therein.
• Ability to work flexibly and travel to identified locations in the UK
• Experience of writing and implementing policies and procedures.
• A recognised professional Information Security qualification such as CISM, CISSP, etc.
• Experience being part of a project team supporting the business to be SOC2 compliant.
• Experience of working for an organisation in a multi-site setting.
• A natural leader who can take responsibility with minimum supervision.
• Experience working within both the first and second lines of defence.