Information Security Officer
£50-60k plus benefits
The company requires an Information Security Officer to maintain and further develop the company’s ISO27001 ISMS and to respond to client requests for information regarding the company’s information security posture.
Our mission is to connect people to knowledge. We provide intuitive, cognitive knowledge solutions – minimising the effort required for people to find, consume and share what they know.
- Be passionate and committed.
- Obsess over customers, not competitors.
- Defy conventions - always think BIG.
- Express the will to be awesome.
- Keep calm and embrace the weird.
The company is a highly successful Software as a Service company and a leading provider of multi-channel Knowledge Solutions for customer-facing websites, corporate intranets and contact centres, enabling organisations to achieve high-impact wins through improved service, reduced costs and increased sales. The company’s corporate headquarters are in Cambridge, UK.
As an Information Security Officer, you’ll be joining a small team responsible for the continuous service delivery of SaaS services from UK data-centre facilities.
Key Tasks and Responsibilities
- Day-to-day maintenance and drafting of the company’s information security policies, procedures and work processes, ensuring that these meet and exceed the requirements of ISO27001.
- Ensuring that all information security policies and procedures are justifiable, and attaining senior management approval for these policies.
- Performing business impact and risk assessments on the company and third-party suppliers.
- Assisting with the ongoing design, testing and maintenance of BCP/DR plans.
- Ensuring that the company's information security posture meets the requirements of clients.
- Responding to client requests for information.
- Supervising (ISO27001) internal audits and auditing suppliers.
- Developing and running a security awareness programme.
- Chairing and organising information security management forum meetings.
- Ensuring adequate internal action and timely response for information security related incidents.
- Managing and maintaining an ISMS action list, ensuring that all audit observations and non-conformities are documented and actioned.
- Supporting the business in the development of ISO20000, ISO9001 and PCI-DSS compliance when the need arises.
- Assisting with all asset registers.
- In addition, the post holder may be required to carry out such other duties as may reasonably be required from time to time to achieve the above job purpose.
- Proven experience in Information Security.
- Understanding of ISO27001 certification requirements, ideally through involvement in delivering such certification for a previous employer, or for a client company if delivered in a consulting role.
- Detailed knowledge of ISO27001.
- Detailed knowledge of IT security.
- Detailed knowledge of ISO audit processes.
- Able to solve problems quickly and completely, displaying independent problem-solving and self-direction skills.
- Strong communication skills; capable of writing security policies and writing documentation for sharing with clients and prospects.
- Able to document standard operating procedures in a concise and accurate manner.
- Able to grasp and balance the needs of the business and of the client with regards to information security.
- Able to work on multiple projects.
- Able to reason verbally and to persuade others with sound justification.
- Dedicated to the quality of work, meticulous about detail and capable of working proactively in carrying out the day-to-day role with limited need for supervision.
- Work will involve dealing with public sector clients and the candidate must be willing and able to undergo UK security clearance.
- Desirable: knowledge of BCP/DR planning ISO23001.
- Desirable: knowledge of PCI-DSS Service Provider Level 1.
- Desirable: knowledge of SOX/SAS security requirements and audits.
- Desirable: knowledge of ISO20000 or ITIL v2/ITIL v3.
- CISSP or CISA certification preferred.