
Information Security Officer

Surrey

Scope

Our client specialises in innovative technology for the user, created to accurately capture real-time footage and aimed predominantly at the security sector, in particular the public sector.

They have become the most successful European company in this rapidly expanding market and have sold their equipment to the majority of their targeted consumer base in the UK as well as many local authorities and private organisations. They currently sell into over 40 countries and are in the process of rapidly expanding their international activities.

It's an exciting time to work for the company as they continue to lead the world in the development and application of this technology.

Responsibilities

Manages the information security management system and chairs the Information Security Steering Group (ISSG) Meeting and Information Security Management Meeting. He/she reports on information security to the COO (or board level executive), who in turn provides concurrence at board level. He/she ensures the policies and standards are kept up to date and schedules information audits. Through management processes, ensures ongoing compliance with the ISO 27001:2017 information governance requirements. Assists with the maintenance and improvement of the company's ISO27001:2017 ISMS, Cyber Essentials and Cyber Essentials Plus for the UK, German and US offices. Liaises with the Information Asset Owners on matters of information security.

Responsibilities – ISO

  • Assisting with the maintenance and improvement of the organization’s ISO27001:2017 ISMS for the UK office.
  • Assisting with the implementation, maintenance and improvement of the organization’s ISO27001:2017 ISMS for the German Office.
  • Assisting with the maintenance and improvement of the organization’s Cyber Essentials and Cyber Essentials Plus for the UK, USA and the German Offices.
  • The ISO will chair the Information Security Management Meeting and ensure that the meeting minutes are prepared, and the actions raised are recorded in the Management Action Log.
  • The ISO will chair the Information Security Steering Group (ISSG) Meeting and ensure that the meeting minutes are prepared, and the actions raised are recorded in the Continual Improvement (CI) Log.
  • The ISO will co-ordinate the annual review of the ISO27001 documents with the relevant stakeholders.
  • The ISO is to maintain, improve and remediate the Information Security Risk Register and Treatment Plan in liaison with the Asset owners.
  • The ISO is to update the measurement statistics in the Information Security Objectives and Measurements document monthly.
  • The ISO is to project manage the actions raised in the CI Log, Management Action Log and Security Risk Register and Treatment Plan.
  • To contribute to the development and maintenance of an Information Security Policy for the organisation in liaison with the Information Security Steering Group (ISSG).
  • To monitor compliance with the Information Security Policy throughout the organisation and to develop and maintain procedures for effective security.
  • To advise on the allocation of information security responsibilities.
  • To arrange and / or provide information security education and training.
  • To develop and monitor a formal procedure for reporting information security incidents and investigations.
  • To contribute to the business continuity planning process.
  • To advise on the control and monitoring of copying of proprietary software.
  • To advise on and monitor the safeguarding of organisational records.
  • To schedule and plan internal information security audits.
  • To review and appraise the soundness, adequacy and application of security and other controls for the protection of information in accordance with the Statement of Applicability and Annex A of ISO 27001.
  • To ascertain the extent to which information collected, held and/or used in the organisation is properly controlled and safeguarded from loss of confidentiality, integrity, or availability from any cause.
  • To identify and test the controls and, where appropriate, to suggest additional controls, which may be established to maintain the confidentiality, integrity, and availability of information.
  • To bring to the attention of the ISSG and / or COO as appropriate any matters which are considered to be potential risk factors to the proper safeguarding of information within the organisation.
  • To own and drive the ongoing Information Security Steering Group (ISSG) to facilitate the Continuous Improvement methodology required as part of the ISO 27001 Standard and in accordance with the published Terms of Reference for this group.
  • To ensure that adequate monitoring of Application, Operating System and Network Infrastructure logs is in place so that these can be reviewed at regular intervals by the ISO.
  • The ISO is authorised to have access to all the organisation’s systems for the purpose of assessing the security of those systems. The ISO may expect the co-operation of all staff in carrying out these duties including access to systems and records, and the provision of information and explanations. In the event of co-operation not being forthcoming the ISO will be expected to report to the ISSG or COO accordingly.

About You

  • Excellent organisational skills to plan and use people and resources to ensure deadlines are met.
  • Ability to self-organise and prioritise as required.
  • Ability to communicate effectively.
  • ISO 27001 qualification.
  • Minimum of 2 years’ experience as an Information Security Officer.
  • The ability to use initiative and make decisions under pressure.
If you are interested in the above role then please apply or get in touch to discuss further.

Managed by Oliver Allen
South East
Permanent
Sales
Posted - 26.01.2021


Consult will endeavour to contact candidates within 14 days of application. However, if you do not hear back after 2 weeks then please assume on this occasion, unfortunately, you have not been successful.