The Information Security Lead will be responsible for providing leadership in the areas of Information Governance, Data Protection, and Cyber Security. This role involves developing and implementing policies, and ensuring compliance with relevant legislation and standards where we operate. The Information Security Lead will play a crucial role in establishing a robust Information Security Governance framework, managing risks, and implementing effective security measures.
Responsibilities:
General:
- Lead the function to ensure security and operational compliance
- Implement, manage, and update Information Security and Information Governance Policies
- Continuous assessment of current Information Governance and IT security practices
- Provide reporting to the organization and relevant authorities
- Ensure risks are effectively captured and managed within the IT function
Cyber Security:
- Manage and oversee the implementation of the IT security strategy
- Oversee incident response planning and investigate/report security incidents
- Conduct regular information security audits and access control checks
- Identify changing threat models and vulnerabilities, implement risk-based responses
- Manage GDPR compliance and ensure certification of ISO 27001
Information Governance:
- Manage the daily operation of the Information Governance function
- Manage Information Requests and operational obligations under GDPR
- Ensure compliance with legislative requirements, including GDPR and other relevant laws
- Manage and maintain a 3rd party register for data sharing agreements
- Minimize the risk of fines through adherence to legislative guidelines
Requirements:
- Proven track record in managing Information Security and Governance in a fast-paced environment
- Familiarity with industry-standard governance and security frameworks
- Experience in business continuity planning, auditing, and risk management
- Working knowledge of relevant security and compliance laws and standards (GDPR, PCI-DSS, ISO 27000, ISO 27001)
- Provide leadership and assurance in Information Governance, Data Protection, and Cyber Security
- Develop organizational policies, standards, and guidelines
- Establish links with key internal and external stakeholders
- Embed best practices, transfer knowledge, and develop a community of security champions
- Regularly report risks or opportunities to senior management
Skills:
- Extensive technical understanding and ability to stay updated with IT security developments
- Excellent communication skills, both oral and written
- Thorough understanding of information systems auditing practices
- Ability to influence and present at a senior level
- Commercially aware with exposure to contracting and financial management
Qualifications:
- Degree or equivalent experience
- CISM or CISSP certification
Description of Duties:
- Conduct security control reviews and risk assessments
- Investigate and assess risks of network attacks
- Provide advice on security controls and communicate information assurance issues
- Investigate suspected attacks and manage security incidents
- Review compliance with information security policies and standards
- Promote awareness of policies and procedures