Information Security Officer

We are looking for an Information Security Officers (ISO) to act as a partner, adviser, and authority in the implementation of the organisations risk management framework.

The nature of your workload will vary from assurance and assessment of infrastructure and applications through to advising technical and business colleagues on options for secure systems.

This is both a business facing, and technical role and you will be expected to be able to operate and balance the needs of both.

Responsibilities:

• Acting as a security subject matter expert supporting service owners in obtaining and maintaining conformance to business risk tolerances.

• Providing briefings to governance boards and key stakeholders on risks to new and existing services.
• Ensuring alignment to appropriate standards and recommending suitable control improvements. Evaluating and raising risks to confidentiality, integrity or availability.
• Advising and guiding business services on maintaining compliance with relevant legislation, i.e. DPA 2018, NHS - Data Security and Protection Toolkit and others.
• Contributing to the implementation and development of supporting policies.
• Maintaining a frequent security partner relationship with specified high value services through their service life.

Requirements

Essential criteria:

• The ability to build and maintain strong working relationships with both internal and external stakeholders.
• The ability to analyse disparate or incomplete sources of information and provide value added assessments for use in business contexts.
• Evidence of making good judgements and recommendations to senior stakeholders and management.
• Excellent written and verbal communication skills.
• Ability to demonstrate that you comprehend the value of managing expectations and have a proven track record of doing so.
• A broad knowledge of technologies, including common vulnerabilities and exploits
• A comprehensive knowledge of security controls for modern digital services.

Desirable criteria:

• Familiarity with the NCSC suite of security policy, guidance and standards.
• Experience in using good practice standards such as ISO 27001 (Implementation, Compliance, Certification and audit reviews).
• Experience of undertaking information security in both a waterfall and an agile context.
• Experience of Security Architecture Design.

Qualifications

• You will hold one or more of the following qualifications:
• SABSA Chartered Security Architect - Foundation Certificate (SCF).
• Certified Information Systems Security Professional (CISSP).
• Certificated Information Security Manager (CISM).
• CompTIA Advanced Security Practitioner (CASP+).
• ISEB Practitioner Certificate in Information Risk Management.

Benefits

As an employee of System C Healthcare Ltd – you can expect the following benefits:

• pension scheme with employer contributions of up to 8%
• private medical cover
• full training and development programme
• discretionary bonus scheme
• 23 days annual leave increasing over length of service
• birthday leave, 1 days’ leave to take during your birthday month each year.
• life assurance cover, up to four times your salary
• employee referral scheme
• employee assistance programme
• cycle to work scheme
• payment of professional subscriptions
• additional benefits including gym membership discounts and a range of insurances available at a discounted cost

In addition, we also have company which provide the opportunity for employees across all of the offices to get to know colleagues better in an enjoyable, informal and relaxed environment.