Information Security Officer
An international organisation in Birmingham is looking for an Information Security Officer to join their team.
Location: Central Birmingham
Your role as the Information Security Officer would involve maintaining the ISO27001 certification and being involved in the scope expansion of ISO27001. You would promote Information Security across the business, develop and maintain Information Security policies and procedures, conduct Information Security audits and carry out additional related tasks.
Overall, this is not a technical role but a compliance role.
You would identify risks and actively work with other departments to ensure that they are identified, assessed and prevented.
- Assist with governance and compliance of the information security policy, standards, procedures, and guidelines to prevent the unauthorised use, release, modification, or destruction of data.
- Promote Security Policy to minimise security breaches and to protect the confidentiality, integrity and availability of the Firm's information by ensuring that appropriate measures are taken.
- Help develop, implement and enforce new information security policies, ensuring they comply with the Data Protection Act 1998 and other legislation and regulations. This includes reviewing the policies on a regular basis.
- Provide guidance and advice regarding information security where required.
- Assess potential risks to Data Protection, SRA, legal, regulatory and information security requirements.
- Manage the information security incident reporting process, including legal, regulatory and compliance incidents. This includes the reporting of information security incidents, policy breaches and new risks to the Data Protection Officer, Compliance Officer for Legal Practice and the information security forum.
- Maintain the information security risk register and liaise with other departments to ensure all the risks have been identified and documented.
- Assist in making information security a part of the corporate culture through security awareness training for fellow employees.
- Conduct internal audits in liaison with the audit team to ensure compliance. Provide advice and take action, where necessary.
- Audit 3rd parties when required.
- Provide guidance to fee earners on compliance with information security regulatory requirements, including the information security contractual requirements of clients.
- Create and maintain ISO27001-compliant security documents.
- Coordinate the activities of the Information Security Forum and assist in chairing the Information Security Forum meetings.
- Monitor changes in regulatory compliance and recommend and implement changes accordingly.
- Act as a point of escalation for any information security alerts or issues that have been raised by other departments, or potentially by monitoring systems (which will be reported by the IT Department).
- Identify information security threats and vulnerabilities, assess information security risks and advise the relevant team on appropriate methods and security configurations to protect and prevent impact to the Firm’s systems.
- Work with the appropriate internal department and outside agencies to conduct forensic investigations in the event of an Information Security Incident.
- Ensure the IT Department have sufficient technical safeguards in place to satisfy defined ISO27001 controls, and assist with educational and improvement programs to meet such standards.
- Work cooperatively with the project teams and ensure that new projects and changes adhere to the information security policies. Act as a consultant to projects, advising on matters relating to information security.
- Contribute to the Business Continuity documentation and work with the IT Department in relation to any planning, training and tests as required.
- Respond to client information security questionnaires; review the security clauses within client information security requirements and contracts to ensure compliance.
- Provide guidance to the Central Procurement Contracts PCP team to ensure the appropriate information security requirements are included in our third-party contracts, so that the Firm's and clients' information is adequately protected.
- Remain abreast of trends and issues in information security, particularly within the legal industry; be able to assess the degree of threat posed by external and internal emergent trends and propose proactive mitigation where relevant.
- Business, Finance or Technology Degree
- CISM (Certified Information Security Manager) preferable but not essential.
- Relevant information security training or information security management systems auditing highly desirable.
- Demonstrate a good working knowledge of industry IT compliance standards, particularly in the design and implementation of an ISMS in compliance with ISO27001.
- Knowledge of information security principles and best practices such as ISO 27001, as well as experience in managing information security risk.
- Basic understanding of IT and IT security controls.
- Practical knowledge and experience in writing and implementing information security strategy, policies and procedures.
- Ability to present to all levels including senior partners to raise awareness of Information Security throughout the firm.
- Proven ability to communicate proposals to the business to facilitate the introduction of new/additions to information security systems and processes into the operational environment.
- Implementation of security training and awareness programmes to staff.
- Proven experience in Information Security Incident Response/Investigations.
- It would also be advantageous to have knowledge and experience in:
  - Managing Information Security within a Professional Services organisation.
  - Information Security Auditing Techniques.