Information Security Officer

Redland Search,
Bristol, Bristol
Job Type: Full-time
Salary: £40,000 per annum

Overview

This organisation is an award-winning, full-service, commercial law firm which is named by The Financial Times as one of Europe's most innovative law firms. The firm is rapidly developing a national reputation for its innovative approach to delivering legal services, and for its strengths in the financial services, leisure, retail & consumer goods, technology, media & telecoms, renewables, housing and public sectors.

We are looking for an Information Security Officer to:

• continue the enhancement and implementation of information security and data processing policies and standards across the firm and, in particular, audit and maintain our ISO27001 processes and accreditation;
• lead the information security team;
• lead the firm-wide information security forum;
• lead on client infosec audits;
• act as a point of reference on best practice in relation to IT governance, controls and practices across the firm;
• offer training on aspects of information security policy to the firm as required.

Key experience required:

• Proven experience of implementing an information security management system (ISMS) and maintaining certification standards;
• Experience in undertaking internal and third-party audits covering IT governance and information security controls;
• Solid understanding of IT and experience in developing IT governance, controls and best practices in the form of the IT Infrastructure Library (ITIL) and IT service management certification (BS ISO/IEC 20000);
• Proven ability to assess information systems processes, IT services and associated systems threats, vulnerabilities and risks;
• Proven ability to write easy-to-understand reports and deliver presentations on information risk management, systems process control and audit reports;
• Proven ability to author and revise information security policies and procedures;
• Proven ability to work and communicate effectively and fluently with managers and staff, including the ability to explain complex technical issues in terms that non-technical managers and staff will understand;
• An understanding of a business continuity role and/or policies, processes and plans;
• Auditing IT suppliers as to their own IT security and controls.

Responsibilities will include:

• Acting as the central point of contact within the organisation with regard to information security;
• Managing the information security team;
• Ensuring continued compliance against BS ISO/IEC 27001, 20000 and 9001 certifications for all office locations (except Greece), including planning and coordinating regular external surveillance and re-certification audits;
• Identifying, recording, progressing and closing information security risks;
• Recording, progressing and closing external audit non-conformities;
• Planning and implementing extensions to the scope of external certifications where the company changes its scope of operations, for instance additional locations or new ways of working;
• Monitoring and managing the day-to-day information security management system (ISMS);
• Planning, managing and undertaking internal and third-party audits on IT governance, information security and controls;
• Undertaking information security risk assessments;
• Assisting all areas of the firm and its contracted service providers to remain proactive in assessing and minimising information security risks and business impacts arising from information processing, IT services and systems, and threats and vulnerabilities;
• Providing input into ISMS questions raised in tenders for work;
• Managing the process of client information gathering and information security questionnaires, including inspection visits to clients' premises as necessary;
• Coordinating ongoing business continuity processes and assisting in developing business continuity plans and testing of such plans;
• Encouraging a continual service improvement culture within the firm;
• Developing and implementing firm-wide information security awareness programmes and keeping the information security internal website up to date;
• Coordinating the information security forum and recording and progressing information on security-specific risks and incidents;
• Managing the clear desk policy and assisting the work area champions group;
• Writing, updating and advising on changes to information security and quality policies and procedures, as well as overseeing their implementation with managers and staff;
• Monitoring the effectiveness of the physical security policies and practices, covering physical, procedural and technical controls;
• Monitoring and keeping under review the security incident management/reporting processes, and maintaining/monitoring the information security risk register(s) for specific areas/systems and the firm generally;
• Coordinating and planning the implementation of any other certification standards that the firm may feel appropriate to support/protect its business and to the benefit of its clients.

Knowledge, skills and experience

• Proven experience of having managed an information security management system (ISMS) and maintaining ISO27001 certification in a multi-site operation;
• Solid understanding of IT and experience in developing IT governance, controls and best practice processes in the form of the IT Infrastructure Library (ITIL) and IT service management certification (BS ISO/IEC 20000);
• Considerable experience in undertaking a range of internal and third-party audits around information security, data protection and IT governance and controls;
• Experience in developing physical security best practice processes and controls;
• Good understanding of the Data Protection Act and GDPR provisions;
• Excellent understanding and practical experience of the principles of risk assessment and risk treatment, including operational risk as well as compliance monitoring and reporting;
• Proven experience writing policies and procedural documentation for IT systems/requirements.