Information Security Assurance Officer
Job Description
Job title: Information Security Assurance Officer
Company: Cumberland Building Society
Job description: We have an exciting opportunity for an Information Security Assurance Officer to join our team. You will be supporting the Information Security Manager in developing, maintaining, and delivering the Society’s Information Security Assurance program ensuring that it meets current and future business requirements.
You will play a pivotal role in mitigating risk of potential Information Security breaches as well as reviewing lessons learnt from incidents, risk events and near misses, working with relevant areas of the business to implement suitable controls.
Ideally you will have demonstrable experience within the Information Security discipline and have first-hand experience of compliance such as ISO27001, NIST, CBEST & CQUEST requirements.
The role
Main responsibilities include:
- Support and execute all group-wide assurance tasks, initiatives and assignments.
- Assist in the ongoing program of security assurance covering all aspects of ISO27001 and the controls set out in the Society.
- Support the management of the Information Security Management System on behalf of the Society and ensure compliance with its components.
- Assist in updating assurance owned documentation and proactively managing the assurance audit calendar on behalf of the Information Security Assurance Manager.
- To be proactive in making recommendations for updates to policies and procedures as required.
- Carry out assurance reviews in line with the scheduled calendar, producing reports, feedback and managing actions/non-conformities through to satisfactory conclusion.
- Support the Information Security Assurance Manager in working with information security operations to maintain acceptable levels of control and risk throughout the Society.
- To assist in the maintenance of the Information Security (COO) Risks and Controls register and work closely with other information security colleagues and carry out actions to mitigate the risks identified.
- Identify risks and ensure these are presented in accordance with procedures and are given the appropriate level of attention.
- Propose an appropriate level of risk mitigation/compensating controls. Work closely with key stakeholders including Risk, Audit, Technology and Information Security Operations to assist and provide input to ensure that Society policies and procedures for Information/Cyber Security Operations are effective and adhered to.
- Assist in the preparation and delivery of Information Security Assurance reports, dashboards and audits, ensuring they are completed on schedule.
- To assist with assurance returns e.g., LINK, Code of Conduct, SWIFT etc.
- To assist with content for information security campaigns.
- Support phishing campaigns, the management of the outcomes and necessary training.
- To assist in the delivery of training and awareness across the Society.
- Keep up to date with security trends, threats and control measures and recommend new solutions and initiatives that will enhance the protection of the Society’s assets and data.
And the following skills, abilities and behaviours:
- Excellent interpersonal, written and verbal communication skills and the ability to work well with people at every level
- Ability to work with autonomy, be organised and able to work under pressure
- Strong relationship management and influencing skills
- Attention to detail to ensure accurate assessment and management of risk
- Strong analytical skillset
- Can demonstrate people management skills and the necessary soft skills
- Ability to effectively prioritise situations requiring urgent attention
- The ability to inspire the team to think ‘outside of the box’ and go the extra mile
- Proactive and self-motivated with the proven ability to drive results and provide excellent customer services to all levels of the organisation
- High level of motivation to see success delivered through own personal efforts and those around them
Interested?
The closing date for completed applications is 1 February 2024.
This vacancy may close early if enough applications are received.
We’re here to create a banking experience that’s kinder to people and planet.
Unlike banks, we don’t have public or private shareholders which means we can invest 100% of our profits back into our business. As a result, our business is purpose-led, financially strong, socially responsible and always focused on our people, planet and communities.
Expected salary: £40905 per year
Location: Carlisle