The Information Security group currently has three different areas of focus - security operations centre focused on protective monitoring, a technical risk assessment and business engagement team and a policy and compliance team.
The Information Security team work together across the organisation:
·Keeping the information systems secure
·Writing and ensuring compliance with information security related policies
·Liaising with 3rd party suppliers
·Conducting risk assessments and compliance reviews
·Managing information security related risks
·Providing advice, guidance, training, and awareness activities
·Monitoring the security of our networks and systems
·Providing cyber threat intelligence to the wider organisation
The successful candidate will have good experience in IT, risk or security fields. They will be required to provide security advice and support to all areas of the organisation. Key areas of focus include security risk assessment of web applications, infrastructure/systems, projects and third party services; oversight and follow up of penetration testing activity; and incident/threat response.
·Good experience in technology, risk or security related roles, with demonstrable experience of identifying and managing information security risks
·Strong understanding of web application development and service oriented architecture, and related technologies and platforms
·Understanding of enterprise IT infrastructure and architectures
·Demonstrable understanding of information security protection and methodologies
·Experience of assisting non-technical users with identification of information threats/vulnerabilities/risks
·Knowledge of a wide range of information security related topics and industry standards, including ISO27001 and ITIL.
·Ability to review complex information systems and web applications, identify risks