Information Security / Operational Support Specialist
Contract: 6 months (outside IR35), Hybrid (twice a week in office), London
An Asset Finance Software Business is seeking an Information Security Contractor to provide operational support focused on clearing the backlog of security tasks. You will have experience and hold one of the following accreditations: CRISC (Certified in Risk and Information Systems Control), covering management of IT and ISMS-related risks, or CISM (Certified Information Security Manager), covering oversight of security management, including ISMS.
This includes:
- handling security assessments,
- responding to inquiries,
- managing third-party risk assessments,
- and resolving corrective actions and vulnerabilities.
The role is essential for maintaining operational efficiency, allowing the Information Security Manager to focus on strategic priorities.
Responsibilities:
- Operational Support: Manage security inquiries, third-party risk assessments, corrective actions, and vulnerabilities to ensure timely resolution.
- Security Assessments: Review and resolve outstanding security issues and ensure improvements are made where necessary.
- Task Management: Prioritise and complete backlog tasks, ensuring deadlines are met.
- Collaboration: Work with internal teams to gather necessary information and execute tasks efficiently.
- Autonomous Execution: Independently manage assigned tasks and provide regular updates.
- Adaptability: Adjust to shifting priorities, focusing on backlog clearance and high-risk areas.
Skills & Requirements:
Must Have:
- Operational Security Experience: Strong background in handling security assessments, third-party evaluations, corrective actions, and vulnerabilities.
- Task Management: Ability to manage competing priorities and meet deadlines.
- Autonomous Work: Proven ability to work independently and keep key stakeholders informed.
- Collaboration: Strong communication skills to work effectively with internal teams.
- Adaptability: Capable of adjusting to changing priorities as the workload evolves.
- Success Metrics:
  - Timely completion of security assessments, third-party risk evaluations, and vulnerability reviews.
  - Efficient resolution of backlog tasks.
  - Positive feedback from internal teams on collaboration and task management.
  - Successful execution of security tasks, meeting deadlines and objectives.
- CISA, CRISC, or CISM
Accreditations and certifications:
Gold Level
ISO/IEC 27001 Lead Implementer: Lead ISMS implementation and management.
ISO/IEC 27001 Lead Auditor: Lead audits to ensure ISMS compliance.
CRISC (Certified in Risk and Information Systems Control): Manage IT and ISMS-related risks.
CISM (Certified Information Security Manager): Oversee security management, including ISMS.
Silver
ISO/IEC 27001 Internal Auditor: Perform internal audits for ISMS compliance.
CISA (Certified Information Systems Auditor): Audit ISMS and IT systems for compliance.
ISO/IEC 27001 Foundation: Support ISMS tasks with foundational ISO 27001 knowledge.
GDPR Practitioner: Ensure GDPR compliance within the ISMS.