Senior Information Security Specialist - London, United Kingdom - National Audit Office

National Audit Office

Verified Company

London, United Kingdom

2 weeks ago

Posted by:

Tom O´Connor

beBee Recruiter

Description

Job title

Senior Information Security Specialist
Minimum salary
GBP 55,000.00
Maximum salary
GBP 70,000.00
Location
London
Close date
11/12/2023
Job description:

Job description

This role would ideally suit someone who could bring energy and fresh ideas to a highly motivated team. We would like someone who can challenge the status quo in a positive way and make a real difference in security. The person we are looking for has a good understanding of InfoSec and can hit the ground running, supporting in driving our processes forward.
We need a selfstarter who is ready to get stuck into a wide range of work, across ISO27001, Risk and Compliance and beyond.
Why are we recruiting for this role?
We have a lot to do and there is scope to really make an impact in this role.
As a Security team we are integral to the delivery of the NAO's strategy, ensuring its goals are achieved safely and securely.
We need an analyst with a broad InfoSec understanding, who will be working across the breadth of Information Security controls, within a complex and challenging, data rich organisation.
This Senior Security Analyst role will support the development of our security management system and its policies, standards, and procedures, helping transform the NAO's security posture and risk profile, supporting our ambition of being an exemplar organisation.
Who are the team?
The Information Security Analyst sits within an inclusive, respectful, and sometimes fun team of information security professionals, responsible for enabling the business to better understand, identify and manage the threats and risks that impact the NAO's ability to deliver on its vision and strategy.
About the National Audit Office
The National Audit Office (NAO) is the UK's main public sector audit body. Independent of government, we have responsibility for auditing the accounts of various public sector bodies, examining the propriety of government spending, assessing risks to financial control and accountability, and reviewing the economy, efficiency and effectiveness of programmes, projects, and activities.
We report directly to Parliament, through the Committee of Public Accounts of the House of Commons which uses our reports as the basis of its own investigations. We employ some 900 staff, most of whom are qualified accountants, trainees, or technicians. They work in one of two main areas, financial audit, or value for money (VFM) audit.
Reporting to:

Information Security Manager:

GRC

Internal: Close working relationships with Info Sec peers, Digital Services, development teams and the broader organisation.
External: All high and medium risk supplier to the NAO, Microsoft and other key suppliers, vendors, and peers in similar organisations.
Resources Managed: None
Responsibilities
The Senior Information Security Specialist will be responsible for the following.

Main Responsibilities

The Senior Information Security Specialist will be instrumental in delivering and running several of the NAO's information security capabilities, will be involved in investigations, developing stakeholder relationships, as well as identifying and delivering new initiatives.

Information Security Management System

Working with the Information Security Manager to drive and deliver the NAO's Information Security management systems.
Contributing to defining and refining what great Info Sec looks like, embedding the use of best practice controls across the organisation.
Managing the annual recertifications.
Developing existing and delivering new InfoSec policies, standards, and controls.
Supporting the delivery of an ongoing security awareness and training strategy.
Ensure that NAO information assets are recorded, assessed, monitored, and appropriately protected.
Evangelise information security as an SME, across the NAO.
Support in ensuring underlying systems are developed, and the associated controls deliver value to the organisation and support continual improvement.

Governance

Delivering great governance across the organisation's Information Security functions, ensuring that senior stakeholders understand how effective the NAO's information Security is.
Maintain the team's information security policy suite ensuring that the policies continue to support the organisation in its security responsibilities.
Administer the annual policy review process.

Risk

Support in finessing the Risk Framework
Maintaining the NAO's InfoSec risk register and driving appropriate and pragmatic risk treatment solutions to conclusion within defined timescales.
Proactively risk assess NAO activities, recording risks and handing over to the business.
Ensuring that the NAO's information security priorities, programs and controls are risk based.
Supporting the wider organisation with its treatment of Information Security risks across all change and BC/DR plans.

Compliance