The team at AT Technology is looking for a qualified Cyber Security Officer to provide expert advice, support & management on information security related matters throughout the organization including maintaining & continually improving the Information Security Management System (ISMS) in accordance with ISO 27001 & GDPR.
The Cyber Security Officer will:
• Identify & mitigate information security risks in line with industry practices, the risk appetite of the business & any legal, regulatory or contractual requirements
• Ensure compliance with legal, regulatory & contractual Information Security requirements & internationally recognized standards is integrated as part of “business as usual” activities
• Ensure suppliers operate under similar requirements & conduct appropriate & proportionate due diligence assessments
• Undertake Business Impact Assessments (BIA) and Information Security Management Reviews as necessary across the business – identifying risks, deficiencies, improvements & requirements in operational & technical controls
• Chair the Information Security fortnightly workshops/meetings across the organization
• Co-ordinate & liaise with external auditors & assessors as necessary
• Control & administer the NHS Web and Security (compliance) programme
• Provide up-to-date Information Security advice to business projects, incorporating Risk Acceptance Criteria Notices (RANs)
• Manage & update Information Security policies, standards & operational processes
Experience required:
• Minimum 3-5 years of experience in Information/Cyber Security
• Good knowledge of the ISO 27000 family
• Good knowledge of Information Security audit
• Graduate with a relevant degree
• Excellent communication skills
Good to have:
• CRISC certified
• CISSP / CISA or equivalent Information Security or Systems Audit accreditation