Information Security Officer – Major Travel Group
9-5 (can start at 8:30 and finish 4:30) *Early finish Fridays
Responsibilities: Information Security Frameworks
Travel
Qualifications: CISSP/CISA/CISM
Skills: Information Security policies, risks, threats, compliance, governance, regulation
Contact number: 0113 299 0570
Pension - Holidays - Free Parking - Flexible working
Additional Benefits: Broadband, laptop, mobile, Top grade office working space
Region: West Yorkshire

Purpose
The Information Systems (IS) Security Officer will be responsible for overseeing information security, cybersecurity and IT risk management programs based on industry-accepted information security and risk management frameworks.
This individual will be an integral part of the IS Department reporting directly to the Head of Information Systems to help improve and communicate the maturity levels of information security, state of cybersecurity and IT risk practices across a single campus, consisting of 550 staff.

Level Scope
Responsibility for formulating and administering policies and programs, managing human, financial and physical resources and functions with a very high degree of autonomy.
Frequently influence business decisions made by senior leadership, overseeing the stewardship of resources and the development of systems and procedures to protect assets.
Negotiates and influences others to understand and accept new concepts, practices and approaches.
This role is an excellent opportunity for candidates who have a strong understanding of IT infrastructure and information security (primary skill) and enjoy working in a fast-paced and ever-changing environment.

Experience:
Experience of operating in a high growth environment, with exposure to a range of information security technologies and frameworks
Experience of cloud services and potential security problems with cloud deployments
Experience with the development, deployment, and automation of cloud security solutions in an enterprise environment
Experience in assessing the effectiveness of information security measures, identifying and mitigating potential risk exposures
Experience in carrying out audits to ensure that IT security practices, controls and systems are effective, identifying areas for improvement
Experience in coordinating the continuous development, implementation and updating of IT security policies, processes, procedures, plans and baselines in compliance with relevant regulations and standards for information systems
Experience in developing Incident Response Plans to detect, respond to and limit the effects of an Information Security event
Experienced in coordinating information security incident response and reporting for events or exploited vulnerabilities including unauthorised system or network access, denial of service, inappropriate data access, data corruption, and/or collection of private or confidential information
Experience with the development of educational programs in the area of cyber security awareness
Detailed knowledge of the processes, tools and techniques of information security management, ability to deploy and monitor information security systems, as well as detect, resolve and prevent violations of IT security, to protect the organisation's data and systems
Experience in providing technical or business guidance to senior management; ability to apply this knowledge appropriately to diverse situations
Knowledge of IT processes and controls and strong understanding of risk and control frameworks such as CoBIT, ISO, PCI
Knowledge of information security regulatory requirements and standards such as Cyber Essentials, ISO 27001/2, NIS

Abilities:
Ability to identify and demonstrate up-to-date knowledge and understanding of the information security threat landscape and associated countermeasures
Ability to conduct complex security incident investigations; prepare written findings, recommendations and follow up evaluations; and analyse patterns and trends
Ability to ensure standards and parameters for any systems on the network are correct and as close to flawless as reasonably can be expected
Ability to act decisively in critical situations
Ability to make decisions with confidence and show initiative
Ability to work effectively under pressure and meet tight deadlines
Ability to provide in-depth analysis of complex problems, managing risk and providing timely and accurate decisions to solve problems
Ability to balance the interests of the various stakeholders
Ability to handle high levels of pressure and exhibit critical decision-making
Ability to act decisively in critical situations or to circumvent potential problems

Education: Preferred degree or higher level further education.
Essential: Certifications in information security including but not limited to: Cyber/Information Security such as Certified Information Systems Security Specialist (CISSP), Certified Information Security Officer (CISM), Certified Information Systems Auditor (CISA), Certified Cloud Security Professional.
Experience: A minimum of 5-7 years' work experience in a growing and challenging environment.

Personal Skills and Attributes:
Communication: Proactive worker, able to operate at both strategic and operational levels, who is commercially astute with exceptional communication skills at all levels.
Communication: Strong verbal and written communication skills, especially involving technical documentation and report writing
Ethics & Integrity: Operates with unquestionable integrity and fosters an ethical, values driven culture
Results driven: Pro-active and energetic, with excellent attention to detail and the
Calmness under pressure: Pro-actively manage multiple projects, tasks and priorities
Stakeholder management: Strong communication skills, as well as the ability to adopt communication styles to suit different audiences
Accountability: Takes clear ownership and accountability for assigned projects and tasks and is focussed on consistently delivering a high-class service to stakeholders
Organisational skills: Attention to detail and multi-tasking skills
Team worker: Listen to others and take their ideas on board

This job description is intended to reflect the post holder's duties that would normally be expected to be undertaken.
Owing to the nature of the post, the above duties are not exhaustive, and the Company may require you from time to time to undertake additional duties within your capabilities.