Cyber and Information Security Officer

JOB DESCRIPTION

AKG Group UK Company:

AKG UK Shared Services

Position Title:

Cyber & Information Security Officer

Job Level

7

Role Status:

Full Time

Reports To:

Information Security Manager and DPO

Roles Reporting to this Position:

None

Primary Objective:

To support the Information Security and IT Managers and assist with the implementation and maintenance of cyber and information security controls across all AKG UK entities and monitor compliance.

To deputise for the Information Security Manager when required and in their absence act as the point of contact for the Information Commissioners Office, Department for Work & Pensions (DWP) and other commissioners and stakeholders in relation to information security and data protection.

To contribute to the achievement and continuation of required Security Certifications including Cyber Essentials Plus and ISO27001:2022, supporting with the provision of evidence for external audit and attending external meetings.

Key Relationships/Interactions

Internal

• IT Department including internal Helpdesk
• IT Support Provider
• Facilities & Procurement
• Delivery Partners
• Audit & Risk
• Operations

External

• DWP
• Contract Commissioners
• ICO
• Accreditation Bodies and External Auditors

Key Responsibilities

• Work closely with the Information Security Manager and IT Department to ensure that data security requirements are met across all data management systems
• Provide cover for the Delivery Systems Owner to support with ticket resolution as and when required
• Work with IT Team to develop and implement cyber security strategies
• Implement and maintain information security framework requirements, ensuring governance and compliance requirements are met
• Assisting with the implementation and review of data processing processes ensuring compliance with GDPR, DPA, and ISO27001
• Propose and draft a range of policies, procedures and processes and undertake annual reviews of existing documentation
• Actively promote training and awareness to a range of stakeholders
• Assist with the provision of materials and tools for the ongoing education programme for all staff regarding cyber and information security and monitor compliance with mandatory training
• Undertake auditing of premises, processes and departments to ensure ISO27001 compliance
• Support with Data Retention and Records Management procedures and processes
• Assist with responses to Data Subject Access Requests and other information requests, including provision of e-Discovery searches, extraction of data from the CMS, and subsequent review and redaction
• Undertake the investigation, management and response to security incidents, including analysis and feedback to the organisation
• Undertake information security risk management and maintain the information security risk register
• Produce reports in relation to performance targets, effectiveness measurements and trends analysis for the information security governance group, including for example starters, leavers, training completions.
  Undertake regular access, account and activity reviews.

Essential/Desirable Skills, Knowledge and Experience

• Able to quickly identify problems, think flexibly and resolve issues.
• Clear communication skills in providing advice, guidance and resolutions to a range of staff and stakeholders.
• Flexibility to cope with the varying demands of the role, managing time effectively to achieve the desired results.
• Comfortable working remotely using a range of digital channels including phone, video conferencing, instant messaging, and email.
• Excellent IT, administration and organisational skills with practical experience of using MS office software.
• Solid understanding of ISO27001.
• Knowledge of data governance policies and procedures.

• IT literate and proficient in the use of Microsoft Office 365 products and services, including:

• Microsoft Defender for Office 365: threat protection, alert management

• Microsoft Purview Compliance Portal: DLP, eDiscovery, audit logs, compliance tools
• Azure Active Directory / Microsoft Entra ID: identity and access management, conditional access, MFA
• Microsoft Intune: device compliance, security baselines
• Microsoft 365 audit logs: activity and access reviews, reporting
• Incident response: investigating and managing security incidents using Microsoft 365 tools

• Secure user lifecycle management: permissions, starters/leavers, access reviews

• Good verbal and written communication skills.

• Team player comfortable working with minimum supervision using personal drive, enthusiasm and presence to succeed.
• Bring energy, dynamism and creative problem solving to issues.
• Minimum of 3 years similar experience in the field of IT, cyber security or information security.
• Practical experience in managing risk.
• Compliance background.
• Effective and clear communicator with good negotiation skills.
  Experience of leading on audits undertaken by external third parties

Compliance

• It is the responsibility of all staff to abide by organisational policies to ensure compliance with relevant standards e.g. ISO Information Security), ISO 9001 (Quality) and ISO Environmental) as well as adhering to statutory duties in relation to safeguarding, Prevent and health and safety.