Technical Information Security Officer

Job Description

Technical Information Security Officer (TISO) The Technical Information Security Officers are mid-level customer facing roles, reporting into the Head of Technical Security Assurance Practice and working alongside the other IS teams ("Governance Risk and Compliance" and "Threat and Response"), willengage with business functions and projects to identify, assess, and provide guidance around their technical security risks. The role aids delivery teams with implementing solutions that meet the expected controls to ensure compliance to ISO27001 ISMS policies,regulatory or contractual obligations.Key responsibilities will include:

• Providing technical security leadership as the IS subject matter expert to support functions with the interpretation and embedding of the technical aspects of the companys information security strategy within their individual functions strategies.
• Being accountable for reviewing and reporting on allocated functions compliance with technical security legal requirements, regulatory requirements, and contractual obligations, including completing technical audits in support of the companys informationassurance plan.
• Enabling functions and their stakeholders to integrate and embed the technical requirements of the companys Information Security Management Systems and supporting frameworks within their functions technical solutions and processes; supporting functionsto raise exceptions against the companys ISMS.
• Owning domain specific horizon scanning and engaging with external research and advisory organisations, industry bodies, customers, and 3rd party vendors to ensure current knowledge and skills are maintained; ensuring that IS can enhance innovation, improveproductivity, and ultimately drive revenue.
• Supporting technical and product teams within the companys on bids (RFI/RFP) and designs to ensure security requirements are delivered as part of the product.
• Reviewing project designs and making actionable recommendations to the project team, understanding the technologies, and driving solutions. Be the primary security officer responsible for providing security guidance and testing requirements to the projectteams on multiple, concurrent agile and waterfall projects.
• Developing new or improved of processes, procedures, policies, standards, and guidelines to continuously improve the companys cyber security maturity.
• Promoting awareness of current policies and standards; providing consistent interpretation of policy to technology teams and other business areas.
• Leading on (while working with the Threat and Response team and business functions) defining the scope for penetration tests, vulnerability assessments and technical reviews; evaluating results and driving on appropriate remedial actions.
• Assisting and supporting Information Security Risk Assessors with risk assessments as well as conducting quick risk appraisals.

Must Haves:Extensive knowledge and experience with:

• IP networking concepts and supporting protocols (Dynamic Routing, DNS, NTP, SNMP etc.)
• Operational Technology (OT) security and connectivity, ideally with exposure to Broadcast and Media sectors, and how this differs from typical IT systems

Knowledge and understanding of some the following:

• Satellite communications
• Broadcast Radio
• Digital Terrestrial Television (DTT)
• Media Multiplexing and content distribution
• Operations Support Systems (OSS) used on broadcast networks
• Amazon Web Services (AWS) infrastructure, services, and security

Significant IS experience and knowledge including using artefacts / standards from at least one of the following authorities:

• National Institute for Standards and Technology (NIST) - Cyber Security Framework
• Information Security Foundation (ISF) - The Standard of Good Practice for Information Security, Maturity Model, Benchmark, Using Cloud Services Securely
• Centre for Internet Security (CIS) – Controls, Benchmark
• Cloud Security Alliance (CCA) – Cloud Controls Matrix

• Knowledge & appreciation for ISO 27001/27002 and the Network & Information Systems Regulations (NIS).
• Excellent written and verbal communication skills, including executive level internal and customer presentations.
• Excellent collaboration and engagement skills to be used to form strong effective partnerships with internal and external stakeholders.

Hold least two of the following professional qualifications (preferably one being CISSP):

• CISSP, Certified Information Systems Security Professional (ISC2)
• CCSP, Certified Cloud Security Professional (ISC2)
• CCSK, Certificate of Cloud Security Knowledge (CSA)
• CISM, Certified Information Security Manager (ISCA)
• SABSA
• TOGAF
• CEH, Certified Ethical Hacker (EC-Council)
• CCNP Security, Cisco Certified Network Professional (Cisco)

Experience:Min 3 yrs. in a dedicated security design/architect/consultant role delivering from requirements to build and transitionMin 4 yrs. in information Security environmentsMin 8 yrs. working in an IT environmentMight Haves:

• Experience of working in government or other highly regulated environments.However, we are open to wider applicants with an interest in the sectors we operate in.
• More than anything, we want to work with people who are passionate about what they do and believe in our vision. So, if you think you have most of the skills and / or experience we are looking for, then please do apply for the role - we want to hear fromyou!

Please note you will have to travel on occasion to the London/Winchester office for meetingsLooking forward to hearing from you!Job Title: Technical Information Security OfficerLocation: London, UKRate/Salary: 500.00 - 600.00 GBP DailyJob Type: Contract Trading as TEKsystems. Allegis Group Limited, Maxis 2, Western Road, Bracknell, RG12 1RT, United Kingdom. No. 2876353. Allegis Group Limited operates as an Employment Business and Employment Agency as set out in the Conduct of Employment Agencies and EmploymentBusinesses Regulations 2003. TEKsystems is a company wit