Information Security Assurance Specialist - London or Leeds considered (blended working model)

London, United Kingdom

Applications have closed

Genomics England

Genomics England analyses sequenced genomes for the NHS and then equips researchers to use data to help find the cause of disease.

Company Description

Genomics England partners with the NHS to provide whole genome sequencing diagnostics. We also equip researchers to find the causes of disease and develop new treatments – with patients and participants at the heart of it all.

Our mission is to continue refining, scaling, and evolving our ability to enable others to deliver genomic healthcare and conduct genomic research.

We are accelerating our impact and working with patients, doctors, scientists, government and industry to improve genomic testing, and help researchers access the health data and technology they need to make new medical discoveries and create more effective, targeted medicines for everybody.

Job Description

This role is integral to supporting the development of a security maturity matrix aligned to a new information risk management framework, ensuring products operate securely and providing continuous assurance and monitoring across the entire environment.

You will be responsible for scoping and executing in-depth reviews of key security processes, capabilities and programmes, to assess whether stated security outcomes are being met or are on track to be met and, as part of an assurance programme, ensure there is alignment with security policy, frameworks and industry standards, liaising with senior stakeholders on how these can be met.

You will have experience of developing best practice principles that can be applied to review how cyber security incidents have been managed and can be improved, working with the business to develop a zero-tolerance approach to repeat incidents.

As part of the assurance activities, you will scope and produce the formal risk assessments and act as a SME for Information Risk Management. Where risks are identified, you will work with risk owners to develop and implement treatments.

You will also lead on the analysis, creation and compilation of relevant documentation by determining the compliance level of systems taking into account technical security controls, applicable certification, accreditation and internal policy requirements.

You will work collaboratively with colleagues in Data Protection to ensure all Information Security Assurance services are delivered within agreed timelines and, where appropriate, in accordance with data protection legislation.

In addition, you will develop internal communications and training content that will help to deliver effective cyber security best practice. Your ability to advise and support the development of such programmes will test our ability to respond to and recover from cyber security incidents.

Working with a wide range of stakeholders, you will promote a mindset of developing secure systems and provide input into security improvements being developed by other parts of the business.

Please note that the closing date for applications is Tuesday 29th November 2022.

Qualifications

While this isn’t a technical role, a strong conceptual understanding of security operations, network, cloud, email, application and enterprise security is essential, as well as experience of certifications and accreditations including Cyber Essentials Plus, ISO27001 and NIST.

Ideally, you will also be qualified to Certified Information Systems Auditor (CISA) standard.

Additional Information

Being an integral part of such a meaningful mission is extremely rewarding in itself, but in order to support our people, we’re continually improving our benefits package. We pride ourselves on investing in our people and supporting them to achieve their career goals, as well as offering a benefits package including: 

  • 30 days’ holiday (plus bank holidays), with additional days for long service awards
  • A generous pension scheme of up to 15% combined contribution
  • Individual learning budgets for every colleague, a Blinkist account and a wide variety of courses on our portal
  • A wide variety of wellness benefits including Gympass, a Headspace account, free weekly Yoga classes
  • Enhanced maternity & paternity benefits
  • Blended working arrangements

Talk to our Talent Team and find out how a career with Genomics England will benefit you.

 

#LI-Hybrid

As part of our recruitment process, all successful candidates are subject to a Standard Disclosure and Barring Service (DBS) check.  We therefore require applicants to disclose any previous offences at point of application, as some unspent convictions may mean we are unable to proceed with your application due to the nature of our work in healthcare. 

Genomics England operates a blended working model as we know our people appreciate the flexibility. We expect most people to come into the office 2 times each month as a minimum. However, this will vary according to role and will be agreed with your team leader. For some people this is 1 day a quarter, for others it is several days a week. There is no expectation that staff will return to the office full time unless they want to. The exception would be some of our roles that would require you to be on site full time e.g., lab teams, reception team. 

Our teams and squads have reflected, and will continue to reflect, on what works best for them to work together successfully and have the freedom to design working patterns to suit, beyond the minimum. Our office locations at the moment are Cambridge and Farringdon (London) and in Winter 2022 we are relocating our London office location to Canary Wharf. We will also be expanding our regional offices.

Looking ahead to our move to Canary Wharf, we will be designing our new space with blended working in mind, and with the flexibility to adapt to changing work patterns. During the pandemic we will be following government advice on working from home guidance. 

Tags: CISA Cloud Compliance ISO 27001 Monitoring NIST Risk assessment Risk management

Perks/benefits: Career development Fitness / gym Health care Parental leave Wellness Yoga

Region: Europe
Country: United Kingdom