Information Security and Assurance Advisor
Leek Wootton
Permanent Contract
Full Time
Salary 50,949.00 – 57,186.00
Those currently eligible on the redeployment register will be given prior consideration.
We are looking for a highly skilled and motivated individual to take on the role of Information Security and Assurance Advisor, working within the Information Assurance team to ensure we are meeting our national compliance obligations.
Policing holds vast amounts of data for law enforcement and operational purposes, but how that data is used and secured requires rigorous governance to ensure its retention and use is lawful, fair and proportionate and does not infringe on the rights and freedoms of individuals. In order to meet the organisations strategic ambitions for the use of data, we have an Information Assurance function with responsibility for information governance, security, records management and data protection.
The role will provide professional guidance and specialist advice with regard to information security and support our data protection compliance, ensuring that appropriate controls are identified and implemented to protect personal data and ensure the force is meeting our SYAP and CoCo requirements aswell as supporting our UK GDPR and Data Protection Act 2018 compliance programme. You will also advise on and manage information security incidents and related governance and asurance documentation and reporting requirements.
Key responsibiltiies include, but are not limited to:
– Risk Management, Clarity and Ownership – The individual should be able to work with stakeholders to identify, assess and manage information security risks, ensuring they are clearly understoof, owned by the business and reduced to an acceptable level. As well as ensuring risks are well-written, consistently defined and assigned to the right owners, translating technical issues into clear business impacts.
– Assurance and Reporting – Provide leadership with clear, honest insight into security risks, highlighting emerging threats and control weaknesses
– Incident Management and Response – Support effective detection, investigation and response to security incidents, ensuring lessons are learned and controls improved
– Supplier and Third Party Risk – Manage security risks associated with suppliers and cloud services, ensuring robust requirements are built into procurement and contracts
Person Specification:
Knowledge:
A Levels, or equivalent, qualification.
To hold a recognised information security, data protection or information risk qualification (e.g Certified Information Security Manager (CISM), CISSP, GCRC, CRISC, DP PDP, BCS etc)
Sound practical knowledge of current Information Security Cyber and Assurance Management standards and best practice (including ISO 27001/NIST Framework).
Sound practical knowledge of current data protection legislation, standards and practice.
Knowledge and understanding of the Technical, Human Resource, Procurement, Project, and Physical Security issues that impact upon information security and assurance.
Able to demonstrate a good understanding of information security concepts and practices concerned with maintaining the confidentiality, integrity, and availability of information.
Desirable:
Knowledge of the police service IA conditions (Codes of Connection)
3rd party and onsite security and assurance auditing
Experience:
Experience of operational delivery of information security in a multi-site organisation.
Demonstrable experience of Public Sector Network (PSN)/Syap compliance requirements including evidenced understanding of maintaining accreditation.
Experience of developing and implementing information security and assurance policies and procedures.
Experience of undertaking internal audits and accreditation activities, working closely with ICT and other key force teams, external auditors and accreditors
Experience in facilitating and leading meetings with internal and external stakeholders at senior level.
Experience of liaising with other organisations and agencies on information security matters.
Key Skills:
Ability to work to tight deadlines, respond to changing demands and deliver efficient follow-ups.
Evidence of influencing through facts the motivation and behaviour of people both internally and externally.
Effective interpersonal and communication skills, both written and verbal, and the ability to explain complex issues at a variety of levels.
Ability to undertake sensitive enquiries with limited supervision and to manage and keep secure sensitive material.
Special Conditions: Regular travel throughout Warwickshire Police
We want our organisation to be as diverse as the community it serves. We welcome applicants from all sections of the community.
You will be required as part of Warwickshire Police recruitment process to successfully complete vetting and credit checks.
We support the Happy to talk flexible working campaign, which aims to encourage uptake of flexible working for individuals, the flexible working options that may be considered for this role include;
Compressed Hours
…