London

31st October

PURPOSE OF THE ROLE:

This is a full-time role within the GRC (Governance, Risk Management & Compliance) team, supporting information security governance across the organisation. You will support the Head of Information Security in managing all aspects of the information risk, compliance and governance programmes, ensuring that industry standards and best practices are implemented as part of an integrated approach to compliance across the organisation.

KEY RESPONSIBILITIES:

  • Ensure ISO 27001 certification and PCI DSS compliance are maintained for the current scope and support the compliance efforts for additional sites, as needed
  • Create/update baseline security policies and standards for the group, and ensure security policies are adhered to and audited across the group
  • Perform security risk assessments across the group and report on ways to minimise threats
  • Track the latest security innovations and keep abreast of the latest cyber security technologies
  • Inspire confidence with key stakeholders across the organisation on all aspects of cyber security, risk and governance
  • Conduct Information Security audits as per a defined risk-based audit plan
  • Conduct Supplier due diligence and assessments
  • Address client enquiries (e.g. through questionnaires) related to Information Security
  • Information security incident management
  • Promote a security culture within the organisation

SKILLS, KNOWLEDGE & EXPERIENCE:

  • 3-5 years of professional experience in Information Security and/or IT auditing
  • Recognised industry InfoSec certifications such as CISSP, CISM, CRISC, CISA, ISO 27001 Lead Auditor/Implementer
  • Prior experience in designing and implementing controls in line with the requirements of ISO 27001 and PCI DSS
  • Good knowledge of network and security technologies and web application security concepts
  • Knowledge of Data Protection best practices and GDPR compliance is desirable
  • Excellent attention to detail
  • Good verbal and written communication skills
  • Ability to make effective use of resources available to complete tasks to agreed deadlines
  • Quality control across all aspects of processes and procedures