Cyber Compliance Specialist - London, United Kingdom - Police ICT

Police ICT
Police ICT
Verified Company
London, United Kingdom

1 month ago

Tom O´Connor

Posted by:

Tom O´Connor

beBee Recruiter
Description

_About Police Digital Service_


We exist to harness the power of digital, data and technology to enable UK policing to better protect the communities it serves.

Ours is a team of experts in commercial services, technical assurance, data, digital transformation and innovation, with a uniqueexperience in policing and national programme delivery.


_Why Join us? _

  • Balance is important and we want you to take time off to recharge so we offer 28 days' annual leave plus bank holidays, rising to 30 days after 5 years of service.
  • We care about your wellbeing we have an employee assistance programme that offers not just welfare benefits and counselling at the end of a telephone line but also discounts.
  • We want to help you plan for the future so we offer an excellent pension scheme and life assurance cover.
  • We want you to be able to put your mind at rest regarding your health offering remote GP, mental health and physiotherapy appointments via video consultation.

You can find out more here:
Benefits - Police Digital Service )


_The Role and Responsibilities_
The Cyber Compliance Specialist is responsible for monitoring compliance against national policing policy, standards, and security blueprints.

It will offer an exciting opportunity to be involved in collaborative working with police data communities, keystakeholders, partners and suppliers.


In particular, the duties of the role involve:

  • Advise and guide users on effective cyber risk management and compliance.
  • Identify cyber risks and advise on appropriate controls and mitigations, ensuring these are articulated in terms meaningful to the business.
  • Support the resolution of major compliance and risk issues and advise on cyber risk management decisions and remedial actions.
  • Advise where risks should not be tolerated and provide a point of escalation, using professional judgement and factoring in risk appetite.
  • Review, assess and assure cyber security documentation.
  • Advise on cyber risk management matters relating to the supply chain and managed service providers.
  • Contribute to the continuous improvement of agreed Cyber processes, policies and standards and advise on ongoing compliance.
  • Monitor technological, social and scientific trends that could influence PDS CS risk and compliance planning and management.
  • Contribute to the PDS Cyber Services Risk and Compliance monitoring plan.
  • Work with the Cyber Policies and Standards team to contribute to information security policies and standards.
  • Collaborate on the requirements, design, development and implementation of automated solutions.
  • Provide direction, oversight and guidance to security risk and compliance subcontractors.
  • Deliver the Police Assured Secure Facilities service and provide metrics to inform compliance and risk reporting.
  • Conduct Supplier Assurance for National Systems and services.
  • Work with Information Security and Risk training and education providers to uplift the skills, knowledge and capability of the UK Policing IS&R community.
-
Essential Experience_

  • Proven IT/Information security and risk experience in large organisations with complex security and compliance requirements.
  • Experience of conducting risk reviews in one or more of the following cloud service provider environments: Microsoft Azure, Amazon Web Services (AWS), Google Cloud Platform (GCP).
  • Experience in defining and/or implementing security controls across multiple layers of the IT architecture stack.
  • Strong knowledge and ability to demonstrate the use of the NIST Cyber Security Framework, mapping and translating NIST Cyber Security Controls to other frameworks such as ISO27001 and CIS Top 20 controls, including understanding of the Azure Cloud AdoptionFramework.
  • Demonstrate a track record of developing strong working relationships with a wide number of stakeholders, particularly in managing expectations across a large number of disparate customer, supplier and stakeholder groups.
  • Experience delivering risk and issue remediation in large complex organisations.
  • Relevant knowledge and experience in one or more of the following areas: cloud security (security controls, assessments, privacy and regulatory risks, security frameworks), Security Operations, Infrastructure Security, Application Security and DevSecOps.
  • Good ability to undertake qualitative and quantitative risk analysis in support of business decision making and information risk management.
  • Analytical, literacy and numeracy skills sufficient to research, interpret, compile and write Risk and Compliance reports on PDS related issues.
  • Excellent understanding of both procedural & technical compliance monitoring capabilities.
  • Knowledge of supplier assurance frameworks and solutions.
  • Demonstrable knowledge of the latest IT thinking and risk modelling methods together with a proven ability to implement and incorporate such solutions into systems and services.
  • The ability to produce clear, persuasive written and verbal communications which engage and influence colleagues and external stakeholders at a range of levels.
  • Good understanding of privacy requirements (including GDPR and DPA 2018).
  • Strong engagement focus and proactive style, that motivates, builds trust and inspires colleagues and other delivery partners to engage with PDS productively.
-
Desirable Experience_

  • Experience implementing cyber risk management and compliance methodologies and processes.
  • Experience managing subcontractors providing technical risk consulting teams.
  • An industry recognised certification in Information Security and/or Risk Management

_Working Arrangements_
This is a remote working role.
More jobs from Police ICT
See all jobs of Police ICT