Job Description

We are currently partnering one of the UK leading technology companies, assisting with their search for a Principal Information Assurance Lead to join their team on a permanent basis. The role will be working with multiple teams within the business to apply appropriate information assurance standards across the business.

The position can be operated remotely with occasional travel to their offices as required.

Duties within the role will include:


You will be working with the businesses across critical areas of infrastructure, technology and applications to apply policy and procedural alignment against Group ISO27001 standards. Responsibilities will include:

  • Lead security risk assessments at business, technical architecture reviews

  • Undertake gap analysis across projects and programmes using mature methodologies such as NIST (National Institute of Standards and Technology) CSF (Cyber Security Framework).

  • Interpreting and applying appropriate standards, policies and legislation, e.g. SOX, DPA, HMG SPF, NCSC IA Portfolio, ISO27001,etc.

  • Produce gap RTP (risk treatment plan) remediation plans for projects and programmes and report findings with recommendations to customers. RTPs must incorporate were possible relevant (current) threats to new systems that are being deployed along with highlighting internal, external vulnerabilities along with likelihood of exploitation

  • Assist with the continual implementation and improvement of governance procedures within business units whilst adhering to centrals processes

  • Collaborate with the wider cyber teams to ensure full coverage of implementation of best practice and IA across the group

  • Evaluate new technologies for potential adoption in accordance with IA and good practice guides such as NCSC, CNI GPG's, IA architectural patterns

  • Support the development of junior IA professionals (apprentices) across the business

  • Support IT and business units with conformance against (as applicable) NIS Directive, PSN CoCo, re-certifications against schemes such as Cyber Essentials


Requirements:

  • Experience and knowledge to apply NIST, CSF, HMG SPF, ISO27001 standards and frameworks

  • Experience of undertaking and leading risk assessments, risk treatment and implementing practice countermeasures for pragmatic remediation

  • Strong knowledge and experience of IT security

  • Security qualifications, preferably NCSC certified (minimum Practitioner level), CISSP, CISM, CompTIA CASP

  • High documentation standards

  • Experience of running vulnerability scan reviews and understanding the security risk review process

  • Knowledge and understanding of the current and developing strategic information requirements of a Technology Services business

  • Strong interpersonal and communication skills

  • Skill in organising resources and establishing priorities

  • Ability to steer on regulatory and compliance matters

  • ISO27001 internal auditor or other CISA an advantage

  • Working knowledge of List X, List N, IEC62443-3-3 related standards advantageous

  • Must be eligible for Security Clearance (successful appointment will be subject to being granted Security Clearance)

Also included is an excellent benefits package

For further information or to apply for this excellent opportunity please contact Richard New on 02083347562 or respond to this advert with an up to date copy of you CV.