Overview
Provides advice and guidance on security strategies to manage identified risks and ensure adoption and adherence to standards. Contributes to the development of information security policy, standards, and guidelines.
Key Responsibilities
- Provides advice and guidance on security strategies to manage identified risks and ensure adoption and adherence to standards.
- Contributes to development of information security policy, standards and guidelines.
- Interprets information assurance and security policies and applies these to manage risks.
- Provides advice and guidance to ensure adoption of and adherence to information assurance architectures, strategies, policies, standards and guidelines.
- Performs routine threat intelligence gathering tasks.
- Transforms collected information into a data format that can be used for operational security activities.
- Implements the governance framework to enable governance activity to be conducted.
- Determines the requirements for appropriate governance reflecting the organisation's values, ethics and wider governance frameworks.
- Plans and implements complex and substantial risk management activities within a specific function, technical area, project or programme.
- Implements consistent and reliable risk management processes and reporting to key stakeholders.
- Engages specialists and domain experts as necessary.
Required Experience
- A minimum requirement of 3 years post-related experience.
- Exceptionally, at least 10 years extensive and progressive expertise in duties related to the function of the post.
- Comprehensive knowledge of the principles of computers and communication security, networking, and the vulnerabilities of modern operating systems and applications.
- Experience with implementation and integration of CIS Security protective measures in enterprise environments.
- Experience in governance, risk, and compliance (GRC).
- Experience leading security audits, risk assessments, and regulatory reporting.
- Experience developing and maintaining security frameworks (ISO 27001, NIST, CIS).
- Enforcing organization-wide policies and defining security awareness programs.
- Experience with cross-functional collaboration and liaising between technical and business teams.
- Experience overseeing and support testing, disaster recovery and business continuity capabilities
- Experience responding to and knowledge of security investigation and initial response capabilities
- Experience working within a classified network environment
Qualifications
• A minimum requirement of a Bachelor’s degree at a nationally recognised/certified University in a related discipline.
