Information Security and Risk Officer
GGR Communications Ltd is an engineering-based company with a reputation built on the provision of sound technical solutions to suit all customer requirements. Founded in 1994, we offer the latest solutions and technologies for Managed Network Services, Wireless Networking, Cloud Connectivity, Unified Communications, Network and Data Security. Here at GGR Communications we pride ourselves on offering high levels of technical design and delivery, extensive 24/7 support services, including on-site maintenance, remote monitoring and fault diagnostic assistance, ensuring complete flexibility and peace of mind for our customers. Our team is focussed on creating long-term partnerships with our customers that deliver results consistently.
As a company, we believe in continuous learning and growing. GGR is a Cisco Premier Partner, holding advanced certifications in Enterprise Networks, Security and Collaboration. All our engineers are Cisco accredited, with many years of experience to draw upon, giving our customers the confidence that their network and IT infrastructure is secure and in safe hands.
We are currently looking for an experienced Information Security Officer to lead our governance and risk management programme and ensure the organisation adheres to compliance standards and internal policies. You will be responsible for the continued development and implementation of the information security programme, which includes controls designed to protect enterprise communications, systems and assets from both internal and external threats. You will be responsible for the day-to-day operation and continual improvement of GGR’s management system, including the development, review, monitoring and enforcement of policies, processes and working practices across all aspects and levels of the business, as well as providing guidance on compliance matters.
You will also focus on proactively improving the cybersecurity posture. In this role you will collaborate with internal stakeholders with an aim to increase cybersecurity awareness and reduce information security risks.
You shall oversee the scanning of managed customer assets using industry toolsets, as well as leading advocacy and awareness of Information Security within our customer base. Whilst we cannot mandate that every customer maintains ISO 27001 or similar, we aim to help them be aware of, actively manage and mitigate their Information Security risks.
- Develop and oversee control systems including developing and maintaining information security policies and procedures, SOPs, and GDPR related documentation.
- Production and ongoing development of a detailed roadmap to maintain and continuously improve the secure environment.
- Evaluate the efficiency of controls and improve them continuously.
- Monitor, assess and evaluate risks.
- Carry out and respond to Security Incident Management and Response, establishing appropriate standards and controls, managing security technologies, and directing the establishment and implementation of policies and procedures.
- Collaborate with business departments to monitor the enforcement of standards and regulations.
- Assess the business’s future ventures to identify possible compliance risks.
- Review the work of colleagues when necessary to identify compliance issues and provide advice or training.
- Work with External Consultants as appropriate on required security assessments and audits with follow-up of issues identified through external assessments.
- Keep abreast of regulatory developments within or outside of the company as well as evolving best practices in compliance control.
- Assist with implementation of regulatory security compliance projects.
- Assist in the design of the security architecture of the systems and the security requirements.
- Prepare reports for senior management and external bodies as appropriate.
- Periodically perform assessment and security compliance checks, including network penetration testing and vulnerability scans.
- Deliver information security training, awareness, and guidance to employees to raise security awareness and improve security performance.
- Be on call to support the organisation with security incident response outside office hours.
Experience and Skills
- Proven experience in an information security role (including experience in penetration test and security audits).
- Have experience with Endpoint protection solutions, Intrusion Detection and Intrusion Prevention Systems, Firewalls, Active Directory, Vulnerability Assessment tools, Security Information Event Management tools, and application security and vulnerability management.
- Strong interpersonal skills, with the ability to communicate, influence and negotiate with senior stakeholders to obtain or leverage necessary resources.
- Demonstrate good judgement in navigating challenging issues and in recommending an appropriate course of action.
- Strong and demonstrable capability in ensuring delivery of your projects.
- Business acumen partnered with a dedication to legality.
- In-depth technical understanding of infrastructure operations and software engineering, showing a strong grasp of the relevant subject matter.
- A deep understanding of vulnerability management and associated monitoring solutions and practices.
- Experience of formal security risk assessment methodologies.
- Can work under pressure and to tight deadlines.
- Have good analytical and problem-solving skills.
- Have at least 3 years of experience in Information Security, including handling information security incidents and events, investigation and response.
- The ability to deliver difficult messages and resolve issues to achieve results, whilst maintaining strong stakeholder engagement.
- Good working knowledge of ISO 27001.
- Have a relevant security-related diploma or equivalent, or better.
- Desirable to have, or be able to demonstrate experience of:
  - Information Security Professional – CISSP, CISA, CISM
  - Technical Security Professional – OSCP / CEH certification
  - Good knowledge of information security incl. ISO 27001
  - Good knowledge of business continuity incl. ISO 22301
  - Good knowledge of SOC 2 and NIST security guidelines
  - Experience using Nessus products and similar toolsets
Salary and Benefits
- £35,000 – £50,000 based upon Qualifications and Experience
- Life Insurance
- Private Health Insurance
If you are interested in applying, please forward your CV and a covering letter to firstname.lastname@example.org