Information Security Officer

The Information Systems (IS) Security Officer will be responsible for overseeing information security, cybersecurity and IT risk management programs based on industry-accepted information security and risk management frameworks. This individual will be an integral part of the IS Department reporting directly to the Head of Information Systems to help improve and communicate the maturity levels of information security, state of cybersecurity and IT risk practices across a single campus, consisting of 550 staff.

This role is an excellent opportunity for candidates who have a strong understanding of IT infrastructure and information security (primary skill) and enjoy working in a fast-paced and ever changing environment., * Experience of operating in a high growth environment, with exposure to range of information security technologies and frameworks

• Experience of cloud services and potential security problems with cloud deployments
• Experience with the development, deployment, and automation of cloud security solutions in a enterprise environment
• Experience in assessing the effectiveness of information security measures, identifying and mitigating potential risk exposures
• Experience in carrying out audits to ensure that IT security practices, controls and systems are effective, identifying areas for improvement
• Experience in coordinating the continuous development, implementation and updating of IT security policies, processes, procedures, plans and baselines in compliance with relevant regulations and standards for information systems
• Experience in developing Incident Response Plans to detect, respond to and limit the effects of an Information Security event
• Experienced in coordinating information security incident response and reporting for events or exploited vulnerabilities including unauthorised system or network access, denial of service, inappropriate data access, data corruption, and/or collection of private or confidential information
• Experience with the development of educational programs in the area of cyber security awareness
• Detailed knowledge of the processes, tools and techniques of information security management, ability to deploy and monitor information security systems, as well as detect, resolve and prevent violations of IT security, to protect the organisations data and systems
• Experience in providing technical or business guidance to senior management; ability to apply this knowledge appropriately to diverse situations
• Knowledge of IT processes and controls and strong understanding of risk and control frameworks such as CoBIT, ISO, PCI
• Knowledge of information security regulatory requirements and standards such as Cyber Essentials, ISO 27001/2, NIS

Abilities:

• Ability to identify and demonstrate up-to-date knowledge and understanding of the information security threat landscape and associated counter measures
• Ability to conduct complex security incident investigations; prepare written findings, recommendations and follow up evaluations; and analyse patterns and trends
• Ability to ensure standards and parameters for any systems on the network are correct and as close to flawless as reasonably can be expected
• Ability to act decisively in critical situations
• Ability to make decisions with confidence and show initiative
• Ability to work effectively under pressure and meet tight deadlines
• Ability to provide in-depth analysis of complex problems, managing risk and providing timely and accurate decisions to solve problems
• Ability to balance the interests of the various stakeholders
• Ability to handle high levels of pressure and exhibit critical decision-making
• Ability to act decisively in critical situations or to circumvent potential problems

Education: Preferred degree or higher level further education.

Essential: Certifications in information security inc but not limited to: Cyber/ Information Security such as Certified Information Systems Security Specialist (CISSP), Certified Information Security Officer (CISM), Certified Information Systems Auditor (CISA), Certified Cloud Security Professional.

Experience:

A minimum of 5-7 years work experience of working in a growing and challenging environment.

Personal Skills and Attributes:

• Communication: Proactive worker, able to operate at both strategic and operational levels, who is commercially astute with exceptional communication skills at all levels.
• Communication: Strong verbal and written communication skills, especially involving technical documentation and report writing
• Ethics & Integrity: Operates with unquestionable integrity and fosters an ethical, values driven culture
• Results driven: Pro-active and energetic, with excellent attention to detail and the
• Calmness under pressure: Pro-actively manage multiple projects, tasks and priorities
• Stakeholder management: Strong communication skills, as well as the ability to adopt communications styles to suite different audiences
• Accountability: Takes clear ownership and accountability for assigned projects and tasks and is focussed on consistently delivering a high-class service to stakeholders
• Organisational skills: Attention to detail and multi-tasking skills
• Team worker: Listen to others and take their ideas on board