Information Security Officer - Edinburgh, United Kingdom - Kin + Carta

Kin + Carta
Edinburgh, United Kingdom

2 weeks ago

Posted by: Tom O'Connor (beBee Recruiter)


Description

About Kin + Carta:


Want to help build a world that works better for everyone? Kin + Carta is a global digital transformation consultancy that makes a difference to the billions who now work, play, shop, communicate and share online.


Join 1,600 curious and diverse minds in connecting people, data and technology to produce amazing experiences for some of the world's most influential companies.

Become a maker, builder or creator as we explore the possibilities of sustainable digital technology, helping clients to rapidly innovate, modernise their systems, enable their teams, and optimise for continued growth.

We focus on tech but we're a proudly inclusive business with trust and human connection at its heart.

People, the planet, and profit matter equally to us which is why we're a certified B Corporation in the United States and Europe.

With additional offices in South America, there is a place for you here wherever you're based.


The role in a nutshell:


Reporting directly to the Global Head of Digital Defence (Information Security), the European Information Security Officer will drive and support standards of Information Security for K+C across Europe, aligned with Global operations.

The goal is to establish a globally recognised information security management system to build One Secure Kin and Carta.

This role will give you the opportunity to progress to an Information Security Manager, and extend the team out as the company brings on more customers and grows.


What you can expect:


The Information Security Officer will be responsible for identifying security requirements, maintaining standards and auditing stakeholder operations to ensure that Information Security standards continue to improve, are compliant across the region and are aligned globally, through exceptional service, clear communication, strong tenacity and technical expertise.


Key Responsibilities

  • Pursue infosec excellence for the region with the continuous development and management of K+C InfoSec standards to ensure compliance for Cyber Essentials Plus, PCI-DSS, ISO 27001 and other stakeholder requirements.
  • Perform internal security reviews against operational activities in line with international standards.
  • Security assess new and current suppliers; plan, organise and review Digital implementations, tools, APIs and platforms.
  • Support the completion of stakeholder InfoSec schedules for RFPs, MSAs, delivery and project teams, by resolving project queries and approving security requirements
  • Contribute to the InfoSec Risk Register and collaborate on treatment of risks tailored to the needs of the region. Manage and track mitigations, remediations and compensating controls.
  • Completing Information Security assessments from external parties in a timely manner
  • Establish and review monitoring and logging process and standards
  • Designing, delivering and monitoring InfoSec training and awareness
  • Integral part of Incident Management Team
  • Contribute to the performance and improvement of the ISMS
  • Reviewer and approver of ISMS documentation
  • Collaborate with K+C and CDS, providing information security consultancy, strategy and implementation planning along with the prioritisation of the highest impact projects
  • Joint responsibility with the Digital Defence team for all BAU tickets and tasks and recording time and tag allocation.
  • Attend, facilitate, and/or capture meetings and content
  • Contributor to cyber and information security reports, briefings and whitepapers
  • Help define and provide data for KPIs
  • Consult and educate Kin on good infosec practices.

The type of person we'd love to meet:

  • Experience in a security role with the emphasis on risk, policy and governance
  • ISMS Documentation Development
  • Technical understanding with an investigative mindset.
  • Ability to identify and educate on technical and operational security improvements
  • A working understanding of security frameworks or methodologies, Cyber Essentials (Plus) and/or ISO2700
  • Exposure to Enterprise Security tools: AV, Vulnerability, IAM, SSO.
  • Efficient, firm but friendly character that will ensure tasks are being instigated and confident enough to escalate where necessary.
  • Continuous improvement with activities that stretch you beyond your job role, an opportunist who finds the positive side of a challenge.
  • Critical Thinking with a mindset that considers solutions prior to presenting challenges
  • Lead and produce quality work with minimal guidance.
  • Collaboratively work with 3rd parties and handle challenging relationships with diplomacy and balance.
  • Understanding and mapping business context against information security best practices
  • Strong stakeholder management skills, with the ability to drive change and improvements across K+C.
  • Acting honourably, honestly, justly, responsibly, and legally.


  • Global perspective
  • Regional delivery.
  • Comfortable with multitasking
  • Excellent communication skills
**Qualific
