Naukrijobs UK

Security & Information Risk Advisor SIRA

Job Location: Newcastle Upon Tyne
Education: Not Mentioned
Salary: 32,306 - 39,027 per annum
Industry: Not Mentioned
Functional Area: Not Mentioned
Job Type: Permanent, full-time

Job Description

The Organisation

NHS organisation is seeking to recruit a Security & Information Risk Advisor (SIRA) to join a growing team.

The Role

Joining a Security & Information Governance Team that covers both information security and information assurance, the SIRA will work closely with the Information Governance and Information Security as well as Cyber Security teams, in supporting the delivery of the information security management programme, primarily focussed on information assurance activities and related processes within the organisation.

You will actively support the continual review of the organisation's arrangements for information security management, working with relevant stakeholders and suppliers to understand the information security threat landscape, trends, and emerging risks.

You will also apply your understanding to analyse information security data and performance metrics from across the organisation, identify information security risks and weaknesses and recommend appropriate actions for improvement to senior management.

Specifically you will:

  • Undertake information security assurance assessments and produce Information Security Assurance Documentation (ISAD) for the certification of business systems
  • Understand and employ a scenario-based approach to information risk assessment
  • Undertake information security risk assessments through the evaluation of events and consequences
  • Engage with senior management (SIRO and Information Asset Owners) to ensure that they understand the information security risks relevant to their service area and to the organisation as a whole
  • Co-ordinate the identification of suitable information security risk treatment options
  • Monitor and report on the effectiveness of information security controls based on the analysis of information security metrics and measures data, KPIs and KRIs
  • Monitor and report on compliance with information security policies, standards and procedures
  • Produce information security evidence (control assessments) to facilitate the effective and consistent application of the information security risk management process, ensuring that controls are reasonable, proportionate to risk and aligned with business requirements
  • Participate in the development, delivery and management of the information security education, training and awareness programme
  • Develop and deliver information security management awareness training for all levels of the organisation, including online and face-to-face sessions
  • Provide information security support, advice and guidance to all teams
  • Establish information security management arrangements for new services / programmes / projects, ensuring that information security controls reflect best practice and are embedded within processes and procedures
  • Manage information security incidents and ensure that remediation actions are taken in a timely manner
  • Scope and conduct information security internal audits in accordance with the ISMS internal audit schedule
  • Use credible and reliable information and information sources to provide evidence of emerging information security threats
  • Maintain a sound knowledge of information security products, systems and procedures used within the organisation.

The Requirements

With at least 2 years' experience working within Information Security, you will have experience of working to standards such as ISO 27001 and PCI DSS as well as regulatory standards.

Though experience of working within the public sector would be desirable, it is more important that candidates possess both a sound technical IT knowledge, and have specialised in a risk and compliance based information security role.

The organisation operates hybrid working and it is anticipated that they would need to be in the office 1-2 days per week.

© 2019 Naukrijobs All Rights Reserved