A leading engineering firm based in Horsham, West Sussex, is seeking an Information Security Advisor to join its growing Tech team.
Reporting into the Information Security Change Manager, the role holder will build relationships with key internal stakeholders and work with strategic partners to enable the business to seamlessly leverage its IP assets while maintaining a high level of security.
You will be the primary point of contact for Information Security queries and will play a key role in establishing new controls and processes. You will spearhead the Information Security operational movement for the business, such as achieving Cyber Essentials Plus certification and monitoring Information Security Compliance on internal systems and processes.
You will also participate in risk management, including conducting risk assessments, maintaining a risk register, and identifying and applying cost-effective actions.
Responsibilities
Support the:
- Development of a culture of security awareness and practice throughout the business with regular communication and refresher training for internal individuals.
- Building, configuring, testing, compliance and maintenance of Information Security policies, processes and procedures.
- Scoping, implementation, testing and deployment of projects/new capabilities.
- Identification, assessment and treatment of IS risks, threats, issues and incidents.
- Third-party management of IS Service Providers.
- Carrying out of risk mitigation actions.
- Monitoring and reporting on IS systems and processes, issues/incidents, and metrics.
Knowledge, Skills, Experience & Personal Attributes
It is essential that, along with a strong knowledge of Information Security concepts and approaches, the post holder is able to engage with a wide range of employees with differing backgrounds and technical competencies.
- Awareness of: ISO27001, Cyber Essentials Plus, NIST 800 and CIS 20
- Understanding of Information and Cyber Security threats and vulnerabilities
- Knowledge of specific operational impacts of cybersecurity lapses
Highly desired experience and attributes
Carrying out business analysis covering:
- Requirements gathering (Functional and Non-Functional)
- Process mapping
- Gap analysis
Data analysis and reporting
Awareness and understanding of:
- Data classification and categorisation
- Data loss prevention
- Threat modelling