Information Security and Assurance Advisor

Location: Leek Wootton

Salary: £48,894.00 - £54,879.00

Permanent

Full time

Previous applicants need not apply

Job Purpose

To provide professional guidance and specialist advice with regard to all information assurance, security and risk matters and ensure development and implementation of all necessary policies, procedures and processes to achieve compliance with national codes of connection for Police information systems and the SYAP.

To support the maintenance of the Warwickshire Police Information Security Incident Register, manage and coordinate the investigation of reported incidents and if required make recommendations on corrective measures to prevent a re-occurrence.

To undertake onsite auditing of Police facilities for information security and assurance issues, and undertake 3rd Party Supplier assessments to ensure they meet expected security and assurance compliance levels.

To support departments with completing data protection impact assessments and providing information assurance and security advice and guidance on matters.

Main Responsibilities

To support the Warwickshire Police Information Security and Assurance programme to enable appropriate assurance and compliance processes and ensure they meet with wider mandatory information security and assurance requirements and national reporting standards. i.e. Syap

To develop, review and implement policies and best practice for the ongoing management and maintenance of information security and cyber security management. And to support the work of the Information Assurance Team and Cyber Security functions within the Force.

To implement processes and techniques to regularly assess information assets for compliance with security policies, national policing and best practice information assurance standards, legal and regulatory requirements.

To be a point of contact for information security and assurance queries.

To plan and undertake information security audits and compliance checks to ensure the physical and data security protection of all information systems and information assets. Ensuring compliance with information security requirements, national guidance, standards, policies, and information risk management, covering both the Force and relevant Suppliers and 3rd parties

To identify information security and assurance requirements creating Risk Assessment Reports and/or reviewing other associated assurance documentation, where there are new or changed processes, information assets or activities; working with business areas and project leads to ensure that appropriate assurance is undertaken and documented.

Co-ordinate investigative and reporting action of all actual and suspected information security incidents, ensuring that action is taken to prevent reoccurrence and incident trends are monitored to inform organisational learning.

To prepare and deliver information security training, education, and awareness in relation to information security, information assurance and information risks.

To actively engage all key stakeholders, including partner agencies and third-party suppliers, sharing, storing or processing information owned by Warwickshire Police in the application of information security best practice and relevant standards, ensuring compliance with legalisation, statutory requirements, national and best practice standards Home Office legislation and statutory guidance.

To maintain awareness and up to date knowledge of all current relevant information security management and data protection legislation, methods and practices ensuring that an environment of continuous improvement, innovation and emerging best practice are evaluated.

Represent professionally and promote the reputation of Warwickshire Police at meetings and groups both internally and externally, including the development of appropriate and constructive partnerships with relevant organisations. To assist with chairing and minute taking at the Tactical Information Assurance Group.

To undertake other duties commensurate with the nature, level of responsibility and grading of this post, as required

Special conditions: Regular travel throughout Warwickshire. Driving licence essential.

Knowledge

Person Specification:

A Levels, or equivalent, qualification.

To hold a recognised information security, data protection or information risk qualification qualification (e.g Certified Information Security Manager (CISM), CISSP, GCRC, CRISC, DP PDP, BCS etc)

Sound practical knowledge of current Information Security Cyber and Assurance Management standards and best practice (including ISO 27001/NIST Framework).

Sound practical knowledge of current data protection legislation, standards and practice.

Knowledge and understanding of the Technical, Human Resource, Procurement, Project, and Physical Security issues that impact upon information security and assurance.

Able to demonstrate a good understanding of information security concepts and practices concerned with maintaining the confidentiality, integrity, and availability of information.

Desirable

Knowledge of the police service IA conditions (Codes of Connection)

3rd party and onsite security and assurance auditing

Experience

Experience of operational delivery of information security in a multi-site organisation.

Demonstrable experience of Public Sector Network (PSN)/Syap compliance requirements including evidenced understanding of maintaining accreditation.

Experience of developing and implementing information security and assurance policies and procedures.

Experience of undertaking internal audits and accreditation activities, working closely with ICT and other key force teams, external auditors and accreditors

Experience in facilitating and leading meetings with internal and external stakeholders at senior level.

Experience of liaising with other organisations and agencies on information security matters.

Key Skills

Ability to work to tight deadlines, respond to changing demands and deliver efficient follow-ups.

Evidence of influencing through facts the motivation and behaviour of people both internally and externally.

Effective interpersonal and communication skills, both written and verbal, and the ability to explain complex issues at a variety of levels.

Ability to undertake sensitive enquiries with limited supervision and to manage and keep secure sensitive material.