Information Security Lead

As an organisation our Culture & Values are a critical part of our ability to meet the challenges of today’s demanding utility market, enabling us deliver least cost solutions that do not compromise safety, quality, or customer service.
We are growing fast so this position presents a great opportunity for the right candidate, as we are looking for someone who will embrace the opportunity, and progress with the business as it grows. So, if you feel you are the right fit for us, and the above Culture and Values resonate with you, then we would be delighted to hear from you.
Specific Responsibilities:

• Development of ISO 27001 Information Security Management System, its policies and procedures.
• Assist with the continuous development and implementation of IT security strategy for the organisation, with specific responsibility for technology security strategy.
• Work closely with the IT Department and Quality to ensure alignment of security controls with IT security strategy, policy, and standards.
• Implement and Maintain the IT Risk Register, evaluating risks and ensuring risk treatment plans are completed to protect information assets.
• Maintain policies, procedures, and standards in line with current and emerging requirements.
• Enhance and streamline third-party supplier assessments, ensuring cybersecurity involvement, cataloguing and tracking of risks, and monitoring for changes.
• Stay abreast with international laws and regulations to proactively identify gaps.
• Assist in the completion of the Information Security Internal Audits with the Quality Department Develop to ensure controls are continually tested for efficacy.
• Action on audit recommendations arising from internal/external audits and security reviews.
• Configure and carry out regular vulnerability scans against all workstations, servers and network infrastructure.
• Provide Training and guidance to business leaders and users so they are aware of corporate Information Security policy and standards, and security issues relevant to their business units.
• Evaluate new technologies, products, vendors and applications against security standards.
• Monitoring and reviewing access to applications, database management systems and underlying operating systems.
• Monitor, analyse, document and resolve potential security breaches and vulnerability issues in a timely and accurate fashion.

• A degree in IT is desirable.  
• Minimum 3 years’ experience in similar role.
• Practical experience developing scalable and robust risk and compliance programs.
• Experience collaborating with cross-functional teams to develop and track risk mitigation efforts.
• Experience owning Information Security gap analysis against compliance standards.
• Experience in supporting and facilitating audit preparedness activities.
• Experience implementing processes to facilitate customer security inquiries.
• Good interpersonal skills, team player, with a positive attitude in dealing with people.
• Proficient working knowledge of ISO 27001:2013 Standard.  
• Self-Motivated with an eagerness to progress within the industry.  
• Strong Problem solving and trouble-shooting skills.
• Logical thinker with an ability to define problems, collect data, establish facts, and implement solutions.  
• Keen interest in learning and professional development.