Information Security Officer ISO27001

Location: Solihull
Job Type: Permanent
Discipline: Infrastructure and Support
Reference: IAT30309

Information Security Officer ISO27001 CISA or CISM or CISSP

One of Birmingham's fastest growing companies has a new key role to help ensure IT security is their top priority. They have an amazing product and are looking to grow the team again.

The role

* Lead on the development of a Group-wide Information Security Management System, aligned with the requirements of ISO27001
* Implement and maintain an information security policy framework (policy, standards and guidelines), reflective of statutory, regulatory and contractual security requirements.
* Operate the policy exemption process and manage local variances in accordance with perceived levels of risk.
* Deliver information security audits to assess the status of information security across the company.
* Track and maintain compliance reports and actions needed to achieve compliance against policies, applicable regulations and internal / external findings.
* Implement and maintain the information risk management framework including risk assessment methodology and templates.
* Maintain the information risk register consisting of asset, threats and vulnerabilities, including likelihood and impact.
* Support the delivery of information risk assessments across the company
* Create and distribute information security communications, including articles, alert and hot topic information.
* Coordinate the implementation of information security policies and procedures across the company

The ideal person
* Experience of establishing and maintaining an Information Security Management System in a large, complex environment.
* Proven track record of supporting the development of information security policies which are easily understood, effective and economical to implement.
* Thorough understanding of security technologies and associated functionality.
* Demonstrable experience in assessing and managing information security risk in a complex environment.
* Demonstrable experience in delivering information security training and awareness activities to a diverse range of stakeholders.
* Thorough understanding of the principles of end-to-end information security.
* Exhibit excellent analytical skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives.
* High level of personal integrity, as well as the ability to handle confidential matters, and show an appropriate level of judgment and maturity.
* Excellent written and oral communication skills, interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to technical and non-technical audiences.
* CISA or CISM or CISSP an advantage

Interested , send me your CV ASAP

When submitting your application to Colossus Associates, please ensure you have your correct phone number and email address so we can contact you asap regarding your application. For confidentiality purposes, please remove any reference contact phone number's and email addresss details from your CV.