Policy & Awareness Specialist - Risks/Security/ISO27001/CISSP
Immediately recruiting on a contract basis, for a fantastic client close to Slough, Berkshire, who are looking for a Policy and Awareness Specialist.
The purpose of the role is to ensure that security controls are set in place through policies and standards and that there is an awareness programme which works in conjunction with these controls to protect Customers, People, Information, Data, Assets and company brand to meet legal, regulatory and contractual requirements.
The unique element is that the role is very diverse - from working on policies to the opposite end creating and designing Safe Campaigns. The role is also unique as you need to be able to engage with all the teams, customers, 3rd parties and our partners. The key contacts that the person will work with internally are People team, Brand, Data protection, Executive PAs and internal communications.
- Developing and maintaining all security policies, standards and awareness measures and activities.
- Drive our Security Awareness For Everyone (SAFE) programme that promotes and drives a cultural change throughout the business
- To support the Information Security Manager in delivering a consistent, best in class security service to our people, customers, 3rd parties and partners.
- Design and implement centralised processes for the identification, development, stakeholder review, approval, publication and maintenance of our security related policies and standards
- Work cross functionally with all business functions to develop a set of security standards, procedures and guidelines that are relevant to the business and aligned to industry best practice and legal & regulatory requirements
- Manage the development of the information security policies, standards and awareness function by ensuring alignment with Security
- Help deliver a tailored security awareness and training programme and roadmap which supports joiners, in situ, movers and leavers
- Identify and create the information security awareness tools and processes that can demonstrate and measure employee, 3rd Party and Partner adherence to all security policies
- Develop appropriate metrics and statistics; and provide timely reports on the performance of security policy and awareness activities
- Ensure that business leaders understand their role in relation to our security policies and are aware of our security strategy
- Continue and build the relationships with the relevant internal and external stakeholders to develop and maintain our security policy framework and awareness programme
- Develop and maintain our Security Awareness For Everyone programme and intranet site, providing access for all employees to our security materials, messages and self-help tools
- Responsible for all security communications, internally and externally, working in conjunction with the Head of Risk & Security and our Internal Communications department
- Responsible for driving and leading the Group Security Awareness Forum to share policies and practices.
- Reviewing security awareness and information for our customers.
- Basic understanding and knowledge of security standards - including and not limited - ISO27001/ISeC, Cobit, ISF, CESG, PCI-DSS, ND1643
- Utilising different methods and media to communicate, educate and assess messaging and requirements across varied and large audiences
- Strong communication skills; articulate, explaining technical issues simply both verbally and in writing
- Support all security and data protection functions in the delivery of key messages across Three and relevant 3rd parties and partners
- Ability to multi task and work on projects concurrently and under tight deadlines
- Detail oriented and customer focused with excellent time management skills
- Experience of working on polices and awareness programmes or other campaigns.
- Interested in gaining Security certification such as CISSP, CISM
In order to apply for the role, please send your most recent CV to Richard.Gallagher@projectpeople.com and your application will be considered.
Due to the large volumes of applications we receive, we cannot take calls on the position. Suitable candidates will be shortlisted and called back if successful after CV's are reviewed. Client information will not be divulged prior to receiving a CV.
Project People is acting as an Employment Business in relation to this vacancy.