Convergence Group has an exciting opportunity based in Solihull, on a full-time, permanent basis. In return you will receive a competitive salary with excellent additional benefits.
At Convergence, our vision is clear: we want to change people’s digital experience in a connected world. We understand that communications are as essential to business today as power, water or gas. Connectivity isn’t about LAN, WAN, Internet or Voice, it’s about connecting users and devices to the applications and services they need.
We earn the trust of our partners and regulators every day by delivering superior service through superior people and processes. No matter your need, you can trust Convergence Group to deliver connectivity you can rely on – we’re Connectivity-as-a-Service and our people. If you have the no-nonsense, agile approach to match our DNA, then this is the role for you.
- Competitive Salary
- Substantial Bonus Opportunity
- Private Medical Insurance (medical, mental, optical & dental)
- Income Protection
- Life Assurance
- Holidays with option to buy or sell
- Reward & recognition incentives
- Cycle to Work Scheme
Purpose of the role:
The Compliance Officer (Information Security) is accountable for supporting the business to ensure appropriate controls are in place for the security of information assets. The Compliance Officer (Information Security) safeguards information by seeing that security risks are identified, assessed and accurately reported, and by supporting the elimination / mitigation of those risks. Additionally, the Compliance Officer (Information Security) is responsible for ensuring organisation policies and procedures comply with all regulatory and legal requirements.
Provide independent advice and direction to the organisation focused around information security and assist with effective business compliance with ISO 27001, CAS-T, HSCN, PSN, Cyber Essentials & customer requirements.
Develop, implement, enforce and review suitable and relevant information security policies, processes and procedures, ensuring that these are compliant with legislation and the compliance requirements of the organisation.
Undertake a role as part of the ISO committee, at which point additional duties may become applicable.
Investigate suspected and actual breaches of security and undertake reporting/remedial action as required. Maintain a log of any incidents and remedial recommendations and actions.
Support the development and delivery of an information security awareness and training programme.
Maintain the appropriate risk registers for Information Security.
Administer the business wide change approval board.
Provide independent technical validation of security controls in internal audits.
Create a culture of cyber security within the organisation, driving behavioural changes for the business.
Administer internal and external pen testing including supporting information asset owners to eliminate / mitigate identified vulnerabilities.
Evaluate security trends, evolving threats, risks and vulnerabilities.
Support the business in ensuring appropriate administrative, physical and technical safeguards are in place to protect information assets from internal and external threats. Identify areas of improvement to controls across the organisation and assist in technical documentation, business cases and implementation of controls.
What you need for the role:
At least 3 years of experience in information security or IT / telecoms industry
Knowledge of Information Security standards
ISO27001:2013 (beneficial), CAS-T (beneficial), HSCN (beneficial), PSN (beneficial), GDPR (beneficial)
Business Know How:
Good working knowledge of data protection legislation
Experience working within an ISO27001 Information Security Management System