Information Security Officer
Newcastle upon Tyne, England, United Kingdom of Great Britain and Northern Ireland
Full Time
12 hours ago
No H1B
Key skills
CloudFirewallsRisk ManagementCommunicationCollaborationNetwork Security
About this role
Role Overview
- Support the development and implementation of the Information Security Strategy.
- Work alongside business units to assist in implementing appropriate corporate controls in line with the ISO/IEC 27001:2013, PCI, SOC standards.
- Contribute to the creation and maintenance of the Information Security Policies.
- Contribute to the security review of Contracts, Terms and Conditions and Non-Disclosure Agreements.
- Assist with regular security issues and incidents investigations reported to the team.
- Contribute to the creation and maintenance of a cyber incident management plan which is tested twice yearly.
- Take part in an on-call rota, ensuring prompt investigation and resolution of client incidents.
- Assist with the identification of security risks and treatment plans.
- Conduct security impact assessments to understand the level of risk Bede information systems are being exposed to.
- Support due-diligence activities on 3rd parties as part of Vendor Risk Management.
- Support the development, maintenance and communication of our security awareness programme.
- Take an active role in the management of security systems including Vulnerability Management, DLP, IDS/IPS, AV, SIEM, Firewalls and other network security systems, Endpoint Protection and Device Control systems.
- Measure the effectiveness of security controls through metrics and KPI’s.
- Providing technical reporting to Head of Information on control performance.
Requirements
- Extensive experience in Information Security or a related security-focused IT position.
- Excellent understanding of technical security controls, processes and cloud services.
- Information Security Impact Assessments.
- Effective written and verbal communication (procedure documentation and management reporting).
- Self motivated and able to work independently.
- Collaboration (effective team player).
- Knowledge of industry standards: ISO 27001, NIST 800-53/CSF, PCI-DSS, Cyber Essentials, Mitre ATT&CK.
- Experience running Cyber Incident Management Programmes.
- Experience running security investigations.
- One or more of the following qualifications: CISSP, CEH, CCSP, CSX, ISO 27001 Lead Implementer or equivalent.
Tech Stack
- Cloud
- Firewalls
Benefits
- A friendly, flexible and trust-based approach to working
- 25 days annual leave, plus 8 bank holidays and usually a generous Christmas break
- Fully matched private pension scheme (up to 8%)
- Bupa private healthcare from day one, including cash plan benefits, dental and optical cover (covers all pre-existing conditions)
- Life assurance cover of 4x your annual salary
- Employee Assistance Programme (via Bupa), providing confidential support and practical advice whenever you might need it
- Access to Calm
- the #1 app for meditation and sleep
- Innovation and learning – space to develop skills, try new ideas and experiment, with an annual hackathon where some ideas make it into real work.
- A work-owned mobile phone or tablet of your choice, with the monthly contract covered by us
- A great office setup – free snacks and drinks every day, plus regular food vans from some of the best places in Newcastle
- Bede Bucks – exclusive colleague discounts and access to a wellbeing platform
- Lots of social events – both in and outside of working hours
- Referral programme – help us grow the team and receive a referral bonus of up to £3,000 (pre-tax, subject to scheme terms)
- Bede swag – including hoodies, t-shirts and our much-loved Bede socks
- Bede Holidays – extra discretionary days off through the year as a thank-you for the great work our teams do