Information Security Design - Stratford, United Kingdom - Cancer Research UK

Posted by:

Tom O´Connor

beBee Recruiter


Description
4,000 professionals, 0 days wasted, 1 incredible purpose. Together we will beat cancer.

Information Security Design & Assurance Lead (SFIA Level 5+)

£65,000-£70,000

Reports to:
Head of Information Security & Privacy


Department:
Chief Operating Office

Contract: 18 month fixed-term contract


Hours:
Full time 35 hours per week

We're open to a variety of ways of working, including full time, part time, job share and compressed hours.

Location:
Stratford, London. Office-based with high flexibility (1-2 days per week in the office)

Interview date:
From the week commencing 08 May 2023


Application method:
At Cancer Research UK, we exist to beat cancer.

We are professionals with purpose, beating cancer every day. But we need to go much further and much faster. That's why we're looking for someone talented, someone who wants to develop their skills, someone like you.


This is a newly created, leading role within Cancer Research UK's Data Privacy Design & Assurance team which is part of our innovative Technology directorate.

The team plays an essential role in providing Cancer Research UK leadership with an understanding of information security risk and assurance, ensuring effective controls are in place, and providing strategic vision and practical support to our technology portfolios and business teams.


As a Security Design & Assurance Lead, you will play an influential role in protecting the charity by embedding secure by design principles into the development and maintenance of the organisation's technology products within an Agile framework.

This will involve leading a team of Information Security Specialists and partnering with our Heads of Portfolio, Head of Architecture & Data, and other key stakeholders to have a strategic view of security design and assurance best practices across our Technology estate.


You will also maintain accurate information about our systems, data, and processes through which information and data are processed while monitoring compliance across the organisation with Information Security policies.

What will I be doing?

  • Supporting the Heads of Portfolio and Head of Architecture & Data to ensure that the overall Technology ecosystem is designed in a secure way
  • Leading a team of Information Security Specialists (each embedded within a Technology Portfolio team) to:
      • Advise Product teams and the wider organisation on compliance with Information Security Policy and requirements
      • Advise on best practice security architecture and systems configuration
      • Maintain accurate and up-to-date information on Technology assets
      • Map data and systems, which involves systems integration, and undertake and support security risk management (including threat monitoring and ongoing monitoring)
      • Undertake due diligence on third parties and suppliers to ensure that they can comply with Information Security policy and requirements
      • Undertake or facilitate security and control testing
      • Provide or facilitate informal and formal assurance (e.g. PCI DSS, NHS Toolkit, Gambling Commission)
      • Support security incident management
  • Embedding information security and assurance good practice within own portfolio by providing staff-focused training material, ongoing awareness activity, and a comprehensive development approach for Technology colleagues
  • Planning and driving scoping, requirements definition, and prioritisation activities for large, complex initiatives
  • Horizon scanning and keeping informed of any potential or planned changes in the external environment (including but not limited to changes in the legal or regulatory requirements and industry best practices for cybersecurity, data protection, or information management).
  • Partnering with external vendors and suppliers to maintain an up-to-date view of current cyber security trends and threats.
  • Acting as a highly collaborative leader, role modelling Cancer Research UK leadership behaviours and values within the Technology Team and beyond.
What skills are you looking for?

  • Information Security Architect, Information Risk & Assurance Lead, or InfoSec Controls Lead, or equivalent with a background in security architecture and data classification within a large organisation.
  • Demonstrable background working within Skills Framework for the Information Age (SFIA Level 5+)
  • Solutions-driven and outcome-focussed with experience identifying and mitigating security risks
  • Subject matter expert in information security standards and practice (including PCI DSS and ISO) with an understanding of relevant legislation (e.g., Data Protection Act 2018, UK General Data Protection Regulations, and Privacy of Electronic Communication Regulations).
  • Excellent stakeholder management and communication skills with an ability to convey complex information to technical and non-technical audiences
  • Background in people management (ideally within a matrix management framework).

Desirable:

  • Certified Information Systems Security Prof
