Location: West Midlands Salary ??40,000-??70,000 Role: Information Assurance Practitioner
Are you an experienced GRC professional looking to progress your career with an exciting well known company?
Do you have experience and knowledge of applying frameworks such as NIST, CSF, HMG, SPF AND ISO27001?
Are you experienced with interpreting and applying policies and legislation eg SOX, DPA, NCSC, and have assisted with the implementation and improvement of governance, procedures?
Then this role may be perfect for you!
My client is looking to hire a Information Assurance Practitioner to work within the network and transport sector, applying information assurance standards whilst adhering to frameworks such as HMG SPF, NIST, CSF and NCSC.
You will be working with the businesses across critical areas of infrastructure, technology and applications to apply policy and procedural alignment against central ISO27001 standards.
Responsibilities will include:
- Lead security risk assessments at business, technical architecture reviews
- Undertake gap analysis across projects and programmes using mature methodologies such as NIST (National Institute of Standards and Technology) CSF (Cyber Security Framework).
- Interpreting and applying appropriate standards, policies and legislation, eg SOX, DPA, HMG SPF, NCSC IA Portfolio, ISO27001,etc.
- Produce gap RTP (risk treatment plan) remediation plans for projects and programmes and report findings with recommendations to customers. RTPs must incorporate were possible relevant (current) threats to new systems that are being deployed along with highlighting internal, external vulnerabilities along with likelihood of exploitation
- Assist with the continual implementation and improvement of governance procedures within business units whilst adhering to centrals processes
- Collaborate with the wider cyber teams to ensure full coverage of implementation of best practice and IA across the group
- Evaluate new technologies for potential adoption in accordance with IA and good practice guides such as NCSC, CNI GPG's, IA architectural patterns
- Support the development of junior IA professionals (apprentices) across the business
- Support CTO, IT and business units with conformance against (as applicable) NIS Directive, PSN CoCo, re-certifications against schemes such as Cyber Essentials
- Experience and knowledge to apply NIST, CSF, HMG SPF, ISO27001 standards and frameworks
- Experience of undertaking and leading risk assessments, risk treatment and implementing practice countermeasures for pragmatic remediation
- Strong knowledge and experience of IT security
- Security qualifications, preferably NCSC certified (minimum Practitioner level), CISSP, CISM, CompTIA CASP+
- High documentation standards
- Penetration testing/ethical hacking experience
- Experience of running vulnerability scans and understanding the security risk review process
- Knowledge and understanding of the current and developing strategic information requirements of a Technology Services business
- Strong interpersonal and communication skills
- Skill in organising resources and establishing priorities
- Ability to steer on regulatory and compliance matters
- ISO27001 internal auditor or other CISA an advantage
- Working knowledge of List X, List N, IEC62443-3-3 related standards advantageous
- Eligible for Security Clearance (successful appointment will be subject to being granted Security Clearance)
Excellent employee benefits:
- 33 days holiday, including public holidays, plus the option to buy or sell five days each year
- Company pension scheme
- A range of family friendly policies including childcare vouchers
- An employee-funded car leasing scheme
- Occupational health support
My client are looking to conduct interviews this week, therefore if you think you, or someone you may know, would be suitable please do not hesitate to get in touch and apply straight away.
Please contact me on or call me