Head of Information Security Assurance

Discipline: IT

Sector: Central Government

Location: London*

Type: Permanent

Date posted: 09/05/2022

Start: ASAP

Duration: Permanent

Salary: £88,400 - £102,000 per annum


Our client is granted extensive access to privileged government and personal information and must in addition to its own data preserve both the confidentiality and safety of that resource. The Information Security Team’s objective is to provide timely and robust assurance to the C&AG and Senior Information Risk Officer that the Information Security Management System is robust and successful in meeting both external and insider threats, whilst alerting them to any emerging or residual risks which require mitigating.

To support this the Head of Information and Security Assurance will:

  • Design and report upon progress of the Information Security Plan.
  • Ensure the organisation designs and operates a best of breed Information Security Management System compliant with IS27001.
  • Stress tests the Digital Plan and IT architecture to identify potential weaknesses and threats to defending the information assets they hold.
  • Engage with technology projects and provide timely input and advice.
  • Design and implement a communications strategy so that all staff fully understand and comply with their policies and procedures to protect their information assets, including the appropriate security classification of information, use of applications and hardware, and the protection of paper and other non-IT information assets.
  • Lead on incident response plans and conduct investigations into actual breaches or near misses to ensure lessons are learned and remedial actions are implemented in a timely manner.
  • Contribute to the design and maintenance of an information disaster recovery strategy, ensuring it is regularly tested and reviewed in the light of lessons learned.
  • Keep the Departmental Security Officer (DSO) and Chief Information Security Officer (CISO) informed of emerging threats or unmitigated risks to the effective design and operation of our IT and other Information procedures and policies.
  • Be visible and the first point of contact for advice by Information asset owners across the organisation.
  • Work with audit clients and third-party suppliers to ensure that data is transferred appropriately and retained/destroyed in line with requirements and legal requirements.
  • Monitor compliance with our legal obligations and act as our nominated Data Protection Officer.

What we’re looking for:

Behavioural skills

  • Effective communicator and change agent, linking strategic view with pragmatic, operational execution and excellence.
  • Proven track record for driving new initiatives such as: Network Behaviour Analysis, Cyber Security, Compliance, Risk Management, Endpoint protection through deploying effective change management techniques.
  • Transformational leadership style to deliver the optimum performance from the team.
  • Strong analytical and problem-solving skills with an attention to detail.
  • Good team player who can facilitate knowledge sharing and collaborative working in multi-disciplinary teams with professional audit and ICT staff.
  • Self-starter, with energy and enthusiasm for driving continuous improvement and organisational learning from project experiences and analysis of business operations.

Security Experience

  • Skilled in the strategy, planning, delivery, implementation, operations and compliance reviews of: Cyber and Network Security | Cloud Security (Azure) | Data Analytics | Regulatory Compliance | Data Protection 1998 Act | General Data Protection Regulations – GDPR 2018 | ISO 27001 & ISO 9000 | IT General Controls | IT Forensics | IT Target Operating Models – TOM | IT Systems Disaster Recovery | Business Continuity and Resilience |Security Operations – SOC | Security Incident and Event Management – SIEM | Third Party Vendor Compliance and Security Assessments (incl. SLAs)
  • Substantial experience of an information security role gained in a similar sector or financial services organisation.
  • Working towards or holding an appropriate certification level such as Certified Information System Manager (CISM)
  • Successful applicants will be required to achieve SC Security Clearance
  • Advanced knowledge of;
  • Government Information Assurance Policies
  • Current IT security issues, in particular those affecting government and or highly sensitive organisations.
  • Windows operating systems and networking
  • TCP/IP network theory and practice

Technical Experience

Extensive knowledge of:

  • Information security assessment and auditing procedures from both a technical and business perspective
  • Vulnerability scanning and auditing tools
  • Enterprise scale network and host-based IDS architectures
  • Enterprise scale firewall architectures
  • Ecommerce application security
  • Computer investigation and forensic methods and technologies
  • Secure messaging architectures
  • Regulatory framework

Strengths in:

  • Project management skills and leadership
  • Business continuity planning and auditing
  • Effective communication and securing buy in from all colleagues.
  • Positively supporting effective change management within a safe operating environment and meeting business need.

*Our new ways of working will include a minimum of 2 days a week in the office.

Register Interest

33 King Street, St. James’s,
London, SW1Y 6RJ

    Upload CV