Infosec Champion - Harmondsworth, United Kingdom - Mitie

Mitie

Verified Company

Harmondsworth, United Kingdom

2 weeks ago

Posted by:

Tom O´Connor

beBee Recruiter

Description

InfoSec Champion Job Description

Job Title:
InfoSec Champion

Salary:
£50K - £60K (Depending on experience) pension, healthcare, life insurance, 25 days holiday

Objectives

To be a single point of contact for all information security related tasks and promote good security practices thought the Care and Custody line of business
Ensure the confidentiality, integrity and Availability of Care and Custody s information assets is adequately protected
Ensure certification to ISO27001 for Care and Custody is maintained and appropriate business functions within Care and Custody are brought into scope

Job Responsibilities/Main duties

Promote good information security practices throughout Care and Custody and be an ambassador for information security
Develop and own the Information Security Management Plan
Ensure Care and Custody maintains its certification to ISO270
Work with Mitie's Information Security Consultant to bring other business functions within Care and Custody into scope of ISO27002 certification
Ensure policies and procedures (specific to Care and Custody) align to ISO27001/Mitie group requirements
Develop local Care and Custody procedures as necessary
Review and update of relevant GDPR and Privacy Documentation.
DPIA evaluation and creation in line with Head Contracts
Identify any legal regulatory or contractual requirements that are applicable to Care and Custody
Identify applicable information assets
Perform risk and control selfassessments
Carry out risk assessments and participate in risks assessment workshops
Develop risk treatment plants and gain approval for the plan form risk owner(s)
Maintaining & coordinating annual IT Health Check & Penetration testing activities
Supporting review of IT Health Check & Penetration test results ensuring appropriate remediations are implemented
Facilitate internal and external audits, acting as the single point of contact for all enquiry's
Coordinating and chairing the Security Working Group with client Information Security Accreditors
Aid the delivery of security awareness training to Care and Custody staff

Knowledge/Skills

Desirable

ISO27001 Auditor/Implementer/Lead Auditor qualification desirable
Security related qualifications SSCP/CISSP

Essential

Thorough understanding of the ISO27001/2 standards
Experience in performing risk assessments
Demonstrable experience in performing control evolutions
Excellent interpersonal skills and comfortable at communicating at all levels within an organisation, in a wide variety of situations
Strong business facing communications skills both written and verbal
The ability to translate security requirements and standards into easily understood business concepts and vice versa

GDPR [KL1]

new line added [KL2]