Information Security Officer
  • United Kingdom - Scotland - Glasgow
2 years ago
Security Officer
Full Time
Job Description

As Information Security Officer, working as part of a wider Information Security team, you will be responsible for the day-to-day administration of internal infosec, the ISMS and audits, including implementation of and adherence to information security standards such as ISO 27001, Cyber Essentials and the NIST CSF. You will also be responsible for compliance with GDPR and for reporting on the implementation of technical controls as required.

You will be the main point of contact for responding to customer and supplier audits, tracking the results and ensuring that any remedial actions are carried out, as well as generating management information for various steering-level groups. You will also be involved in other consulting work as part of the wider InfoSec and IT teams, covering user administration, patch and vulnerability management, and third-party supplier management.

The role reports to the Head of Information Security. Its scope covers the SMS PLC group and its subsidiaries, carrying out the key responsibilities specified below. Building relationships with both internal and external stakeholders is key to delivering against the information security team's metrics. The role may involve travel to sites across the UK to perform onsite security audits, facilitating both internal and external parties.

In summary, the role is about collaborating with others to enhance the maturity of the organisation's IT and Information Security function, enabling the business to operate securely and efficiently without compromising productivity.

Hours of work will be Monday to Friday, 8.45am - 5pm, 36.25 hours per week.

Special Conditions - The successful applicant will be open to travel to additional sites where required.

KEY RESPONSIBILITIES

  • ISO 27001 and SMETS2 audits and evidence collation
  • Management of the Information Security Management System, including writing policies, standards and procedures
  • Driving maturity against information security standards, including ISO 27001 and the NIST Cyber Security Framework (CSF)
  • Maintaining the IT risk register by carrying out regular risk assessments across the group
  • Providing guidance to business stakeholders on information security, GDPR and data privacy concerns
  • Conducting Internal Audits (UK site travel may be required)
  • Managing the external audit request process
  • Report generation across the information security areas of responsibility
  • Security Spot Checks
  • Data Governance response tasks and data cleansing
  • User access rights authorization review
  • Third party supplier management, RFCs, due diligence
  • InfoSec consultation with other areas of the business
  • Other additional duties as required

In return

  • 25 personal days per year, with an additional allocation of 8 public holidays
  • After 5 years of service you will be rewarded with an additional 5 days' annual leave, taking it to 30 personal days and 8 public holidays.
  • Refer a friend bonus (£500)
  • Cycle to work scheme
  • Corporate season ticket travel
  • Automatic enrolment into the Company Stakeholder Pension Scheme (will commence following 3 months employment)
  • Eligibility to join the Share Incentive Plan following 6 months employment
  • We also have you covered with life insurance, under which your next of kin will receive 4 times your annual salary

Required Knowledge, Skills, and Abilities
The successful candidate will be able to operate independently and within a group dynamic to deliver against the key objectives set out in the SecOps roadmap.

Required:

  • ISO 27001 Lead Auditor or Lead Implementer certification
  • Experience of ISO 27001 implementation and auditing
  • Certified Information Systems Auditor (CISA) or equivalent
  • A degree in Information Technology / Computer Information Systems or equivalent
  • Experience of NIST Cyber Security Framework implementation and auditing
  • Clear understanding of IT audit methodologies
  • Experience within an information security role, with extensive experience of information security processes and regulations
  • Experience of managing and implementing IT risk management frameworks
  • Ability to work under pressure in a fast-paced and developing environment
  • Strong attention to detail with an analytical mind and outstanding problem-solving skills

Desirable:

  • Broad awareness of and interest in information security trends
  • Software application and cloud security principles and practice
  • General and broad IT knowledge across infrastructure, development and service management

Reference no: 41279