Information Security Assurance Officer

Newquay, Cornwall, UK

King's Service Centre

King's Service Centre is home to an innovative and forward thinking team supporting the services of King's College London.


Department: Office of the CIO

Employment Type: Permanent - Full Time

Location: Newquay, Cornwall, UK


Description

Overview of role 

The Information Security Assurance Officer has a joint reporting line to both the Head of IT Assurance and the Associate Director of Information Security Assurance. Their work is reported termly to the Audit, Risk and Compliance Committee and quarterly to internal information security governance groups.

The role will focus mainly on supporting the University's compliance with the ISO/IEC 27001:2022 standard, as well as contributing to building and maintaining the Information Security Management System (ISMS) that coordinates internal policies and processes. The role also includes an internal audit function that supports adherence to standards and continual improvement.

Our people are at the heart of King's strategic ambitions. By supporting our staff to develop their potential within a positive and inclusive culture, we are building a thriving staff community. As such, it is essential that the candidate upholds our Principles in Action by displaying the four key behaviours: include, challenge, support, and connect.

This role is based within the IT Assurance team at King's Service Centre in Cornwall; however, there will be some need to travel to the London campuses.

Key Responsibilities

The main responsibilities of this role are to:

§  Support the Associate Director of Information Security Assurance in developing the compliance elements of ISO/IEC 27001:2022.

§  Conduct fieldwork for internal audits, working from the annual audit plan, to keep completion timescales on track.

§  Produce reports for the relevant management teams following audits, including recommendations for improvement where necessary.

§  Contribute to improving the information security culture across the University by building relationships and promoting best practice through recommendations.

The above list of responsibilities is not exhaustive, and the post holder will be required to undertake such tasks and responsibilities as may reasonably be expected within the scope and grading of this post.

Key Skills, Knowledge and Experience

The role holder should possess a good working knowledge of information security best practices, but it is not essential for them to have a deep knowledge of all areas. These areas include, but are not limited to:

§  ISO/IEC 27001:2022, 27002:2022 and 27005:2022 Standards

§  NIST and CIS Controls

§  Payment Card Industry Data Security Standards (PCI DSS)

§  Compliance monitoring and auditing

§  Development of information security-related policies

Whilst it is helpful for the role holder to have some knowledge and experience in a selection of these areas, it is more important that they can research the legislative and regulatory frameworks that affect departments across the University and apply critical judgement to management's performance against those frameworks. Candidates with a background in operational IT security, cyber security, internal audit or assurance assessment will be well suited to this role.

In addition, the successful candidate will be expected to be well-organised, thorough and to have an eye for detail. They will be expected to complete work on their own, exercising their own judgement, and to communicate with staff at all levels, including negotiating outcomes with senior management. A good knowledge and understanding of risk management, including a practical appreciation of the proper application of risk appetite, is also a necessary requirement for this role.

Essential Criteria:

1. A good understanding of current technical security products used as operational IT security controls.

2. An ability to thoroughly research and understand all legal and regulatory frameworks which apply to Higher Education in England, in order to provide appropriate levels of assurance on activity at the University.

3. A thorough understanding of risk management and an appreciation of the effective application of risk appetite.

4. An ability to influence, negotiate and build relationships at all levels of the organisation.

5. An ability to prepare reports with an appropriate level of detail for the anticipated audience, including an ability to make practical recommendations for remedial actions.

6. A team player, but with an ability to work independently and proactively to a set of high-level criteria.

7. A rigorous, analytical approach with an eye for detail.

8. An ability to work under pressure and to deadlines, and to co-ordinate with others to meet internal team deadlines.

9. Excellent relationship-building skills.

10. Excellent presentational skills in both written and oral communication.

Desirable Criteria:


1. Experience or detailed understanding of the UK Higher Education system.

2. Certification in any of the following: ISO 27001 (Foundation or Lead Implementer), ISO 27001 Lead Auditor, CC, CompTIA Security+.

Tags: Audits Compliance CompTIA Governance ISO 27001 Monitoring NIST PCI DSS Risk management

Region: Europe
Country: United Kingdom
