Senior Cyber Security Risk Manager
Job Description
Your role will include working with the Senior Information Risk Owner and the Data Protection Officer to make risk-based decisions on strategic and tactical issues, working with internal and external stakeholders at various levels.
You will work with network and architecture colleagues to review and influence designs of systems, and to provide substantial input into the transformation of the function in line with the Information Security Roadmap and significant projects.
Key responsibilities:
- Responsible for Information Security within the Agency, including risk assessment and information assurance, working closely with the Data Protection Officer.
- Provide management, leadership, development and strategic direction for the Information Security function.
- Provide risk management and assurance to the Senior Information Risk Owner (SIRO), and the Audit and Risk Committee on cyber security.
- Maintain an awareness of emerging security risks and control technologies, procuring and managing services and tooling.
- Review security and privacy risks, designs and decisions for new and existing technology solutions, working closely with programme managers and digital delivery partners, managing our information security architecture service.
Required Knowledge, Skills, and Abilities
- Hold certified CISSP, ISO 27001 Lead Implementer or Auditor, and CISM qualifications or equivalent experience within the government security profession.
- Make effective decisions within a fast-paced environment, with the ability to present reasonable conclusions sometimes based on incomplete evidence and to provide recommendations to the Senior Information Risk Owner and MHRA Audit and Risk Committee.
- Possess strong interpersonal skills, including influencing, communicating technical information to a non-technical audience, building relationships and developing collaborative working across different teams to deliver improved security outcomes.
- Have experience of communicating complex technical information relating to cybersecurity to a non-technical audience.
- Able to communicate effectively across organisational, technical and political boundaries, and understand the context.
- Able to advocate and communicate what a team does to create trust and authenticity.
- Have a proven ability to develop and implement processes that ensure security and also meet the needs of the Agency.