Infosec Champion

2 months ago

Harmondsworth, United Kingdom - Mitie - Full time

**InfoSec Champion Job Description**

Job Title: InfoSec Champion

**Salary**: £50K - £60K (depending on experience), pension, healthcare, life insurance, 25 days holiday

Objectives
- Be the single point of contact for all information security related tasks and promote good security practices throughout the Care and Custody line of business
- Ensure the confidentiality, integrity and availability of Care and Custody's information assets are adequately protected
- Ensure that certification to ISO27001 for Care and Custody is maintained and that appropriate business functions within Care and Custody are brought into scope

Job Responsibilities/Main duties
- Promote good information security practices throughout Care and Custody and be an ambassador for information security
- Develop and own the Information Security Management Plan
- Ensure Care and Custody maintains its certification to ISO27001
- Work with Mitie's Information Security Consultant to bring other business functions within Care and Custody into the scope of ISO27002 certification
- Ensure policies and procedures (specific to Care and Custody) align with ISO27001 and Mitie group requirements
- Develop local Care and Custody procedures as necessary
- Review and update relevant GDPR and privacy documentation
- Evaluate and create DPIAs in line with head contracts
- Identify any legal, regulatory or contractual requirements that are applicable to Care and Custody
- Identify applicable information assets
- Perform risk and control self-assessments
- Carry out risk assessments and participate in risk assessment workshops
- Develop risk treatment plans and gain approval for each plan from the risk owner(s)
- Maintain and coordinate annual IT Health Check and penetration testing activities
- Support the review of IT Health Check and penetration test results, ensuring appropriate remediations are implemented
- Facilitate internal and external audits, acting as the single point of contact for all enquiries
- Coordinate and chair the Security Working Group with client Information Security Accreditors
- Aid the delivery of security awareness training to Care and Custody staff

Knowledge/Skills

Desirable
- ISO27001 Auditor/Implementer/Lead Auditor qualification
- Security-related qualifications such as SSCP/CISSP

Essential
- Thorough understanding of the ISO27001/2 standards
- Experience in performing risk assessments
- Demonstrable experience in performing control evaluations
- Excellent interpersonal skills, comfortable communicating at all levels within an organisation and in a wide variety of situations
- Strong business-facing communication skills, both written and verbal
- The ability to translate security requirements and standards into easily understood business concepts, and vice versa
