We are currently partnering with one of the UK's leading technology companies, assisting with their search for a Principal Information Assurance Lead to join their team on a permanent basis. The role will work with multiple teams within the business to apply appropriate information assurance standards across the organisation.
The position can be operated remotely with occasional travel to their offices as required.
Duties within the role will include:
You will be working with business units across critical areas of infrastructure, technology and applications to align policy and procedure with Group ISO27001 standards. Responsibilities will include:
Lead security risk assessments and technical architecture reviews across the business
Undertake gap analysis across projects and programmes using mature methodologies such as the NIST (National Institute of Standards and Technology) CSF (Cybersecurity Framework)
Interpret and apply appropriate standards, policies and legislation, e.g. SOX, DPA, HMG SPF, NCSC IA Portfolio, ISO27001, etc.
Produce gap RTP (risk treatment plan) remediation plans for projects and programmes and report findings with recommendations to customers. Where possible, RTPs must incorporate relevant (current) threats to the new systems being deployed, and highlight internal and external vulnerabilities together with the likelihood of exploitation
Assist with the continual implementation and improvement of governance procedures within business units whilst adhering to central processes
Collaborate with the wider cyber teams to ensure full coverage of best-practice and IA implementation across the group
Evaluate new technologies for potential adoption in accordance with IA and good practice guides such as NCSC guidance, CNI GPGs and IA architectural patterns
Support the development of junior IA professionals (apprentices) across the business
Support IT and business units with conformance against (as applicable) the NIS Directive and PSN CoCo, and with re-certification against schemes such as Cyber Essentials
Skills and experience required:
Experience and knowledge applying the NIST CSF, HMG SPF and ISO27001 standards and frameworks
Experience of undertaking and leading risk assessments and risk treatment, and of implementing practical countermeasures for pragmatic remediation
Strong knowledge and experience of IT security
Security qualifications, preferably NCSC certified (minimum Practitioner level), CISSP, CISM, CompTIA CASP
High documentation standards
Experience of running vulnerability scan reviews and an understanding of the security risk review process
Knowledge and understanding of the current and developing strategic information requirements of a Technology Services business
Strong interpersonal and communication skills
Skill in organising resources and establishing priorities
Ability to steer on regulatory and compliance matters
ISO27001 internal auditor or CISA qualification an advantage
Working knowledge of List X, List N and IEC 62443-3-3 related standards advantageous
Must be eligible for Security Clearance (successful appointment will be subject to being granted Security Clearance)
An excellent benefits package is also included.
For further information or to apply for this excellent opportunity, please contact Richard New on 02083347562 or respond to this advert with an up-to-date copy of your CV.