INFORMATION SECURITY LEAD

Position Objective:

Information Security Lead required to manage and deliver risk assessments for suppliers and enterprise-wide projects. The role will focus on delivering high-level risk assessments as well as overseeing lower-level risk activities.


Responsibilities:

Key duties and responsibilities include, but are not limited to, those listed below:
Lead and manage high, medium and low risk assessments for both suppliers and projects
Perform technical project and supplier risk assessments
Ensure projects comply with the company’s information security policies
Consult with stakeholders on key controls and security requirements
Consult on remediation plans once risk assessments have been conducted
Act as the main point of contact for all risk assessment and remediation

Strategic Support
Work with managers to build on an existing information security program and ongoing security projects that address information security risks and compliance requirements.
Manage the process of gathering, analysing and assessing the current and future threat landscape, as well as providing the managers with a realistic overview of risks and threats in the enterprise environment.
Lead the preparation of institutional Information Security audits.
Monitor and report on compliance with security policies, as well as the enforcement of policies across the VUS Campuses.
Evaluate compliance with stakeholder requirements, including responses to requirement specifications from potential funders such as research councils and government departments.
Evaluate and update new and existing policies and procedures to ensure operating efficiency and regulatory compliance.
Architecture / Engineering Support
Consult with IT colleagues to ensure that security is factored into the evaluation, selection, installation and configuration of hardware, applications and software as part of Privacy by Design and Default. Recommend and coordinate the implementation of technical controls to support and enforce defined security policies.
Research, evaluate, design, test, recommend or plan the implementation of new or updated information security hardware or software, and analyse its impact on the existing environment; provide technical and managerial expertise for the administration of security tools.
Develop a strong working relationship with the Application, Infrastructure and IT Support teams to develop and implement controls and configurations aligned with security policies and legal, regulatory and audit requirements.

Operational Support
Manage and coordinate the operational components of security incident management, including detection, response and reporting.
Manage the day-to-day activities of threat and vulnerability management, identify risk tolerances, recommend treatment plans and communicate information about residual risk.
Manage security projects and provide expert guidance on security matters for other IT projects.
Evaluate requests for exceptions to policies, ensuring sufficient mitigating controls are in place.
Ensure audit trails, system logs and other monitoring data sources are reviewed periodically and are in compliance with policies and audit requirements.
Liaison & Networking – Information Security Liaison
Provide Information security communication, awareness and training to the appropriate VUS staff and students.
Engage effectively with appropriate external networks and external professional bodies.
Other duties
Stay abreast of regulatory changes including cybersecurity developments and their impact on IT requirements, including relevant data privacy requirements.
Continuously improve processes and implement tools for policy management


Position Requirements:

Qualification: Bachelor’s degree in computer science or a related field, or related experience
Essential criteria: Degree or equivalent qualification in Information Systems security or a related technical discipline, or relevant experience
Desirable: Certified Information Systems Security Professional (CISSP)
Proven experience in an information security role, including experience of developing Information Security policies and plans
Working knowledge of the Data Protection Act (1998) and the incoming General Data Protection Regulation (GDPR)