AddressHybrid
Risley, United Kingdom
Full time
This is an exciting opportunity for an experienced Information Security professional to join Amentum.
Our Information Security Officer (ISO) is a key influential member of our team. The role holder will be responsible for driving our compliance and assurance capabilities that range from our internal data protection and Information Security requirements and those driven through our independent certification to industry frameworks (such as ISO 27001 etc), to our customer specified security requirements. The role holder will be responsible for driving our compliance capabilities and our assurance internally and with our supply chain. Supporting the maintenance of our suite of security policies, standards, processes, procedures and guidance will be integral to the role.
The role holder will report to our Director of Digital & Data Services, work closely with our Information Security Manager (ISM) and support the operation of our Information Security Management System (ISMS) and Security Programme.
Key responsibilities include:
Support the operation of Amentum's Data Protection Compliance Programme
Provide advice and guidance concerning data protection and Information Security
Develop and deliver training and awareness materials and communications concerning data protection and Information Security
Support the completion, review and maintenance of Data Protection Impact Assessments
Support Information Security Risk Assessments and associated Risk Treatment activities
Engage with customers and other external bodies
Conduct maturity assessments of security capabilities and controls
Develop plans to implement, develop and enforce security requirements
Develop and maintain assurance function and capabilities incorporating risk management
Support the maintenance of Amentum’s security policies, standards, processes, procedures and guidance
Lead customer engagements and internal workshops
Provide advice and guidance as our authority and SME on GRC related matters
Conduct Internal Audits
Engage, support, and facilitate any compliance and external audit requirements
Support business development initiatives
Participate in security investigations as needed
Position Knowledge, Skills, and Abilities Required:
At least 3 years previous experience in a data protection / GRC / Information Security assurance role
A relevant professional certification such as: CISM, CRISC, CISA etc.
A good understanding of the UK-GDPR, DPA’18, ISO 27001 and associated security controls (technical, procedural, personnel and physical)
Excellent communication skills, both written and verbal
Excellent analytical and problem-solving skills
An effective decision maker, who utilises evidence, available data and personal knowledge to provide clear, accurate and professional decisions
Ability to prioritise workload and work well under pressure to meet deadlines and manage business expectations
Effective influencing and negotiation skills
Understanding and experience of business and technical Information Security concepts including risk management, defence in depth, and accreditation demands
Practical experience of ISO 27001 and Cyber Essentials.
Demonstratable commitment to ongoing professional development
Preferred Qualifications:
- ISO 27001 Implementer or Lead Implementer
- ISO 27001 Auditor or Lead Auditor
- Education/Training qualification
