Information Security & Assurance Manager
Axios Systems is an international IT Service Management software company that develops, implements and supports assyst, a sophisticated and high-value business software solution. We specialise in delivering Help Desk and IT Service Management solutions to large blue-chip organisations and to the public sector while offering world-class, best-practice consultancy solutions.
Axios Systems is headquartered in the UK with offices across the Americas, Europe, Middle East and Asia Pacific. The Integrations Section is part of Axios Service Centre and enables our customers to integrate assyst with a large number of third-party applications. This is achieved using existing assyst applications as well as customisation and development of bespoke solutions built on our own integration framework.
Work with the technology groups to implement a risk-managed approach to information assurance within the business. Work closely with the CTO and infrastructure / business teams to identify and arrange for deployment of appropriate policy creation and development of compensating controls to address security and risk gaps in IT systems. Ensure all Senior Executives are aware of their responsibilities and accountability for compliance with all Information Assurance related policies.
- Apply knowledge of IA policy and procedures to design, develop, and implement secure networking, computing and network environments.
- Establish an effective approach to information assurance through the design and implementation of an information security policy that is aligned to industry good practice (such as ISO27001:2013).
- Coordinate the delivery of process and guidance documents that support the information security policy.
- Establish an Information Security risk assessment process and communicate risks and impacts to Senior Management.
- Provide support, education and training to staff to build risk and IA awareness within the organisation.
- Conduct assessment of IA policy and compliance to standards, including liaison with internal and external auditors.
- Coordinate risk assessment and implementation of IA with Senior Management, Information Technology and other personnel.
- Conduct risk assessment of the information systems, policies and processes, and collaborate with IT and the business to communicate a greater understanding of risk and provide mitigation against that risk.
- Deliver risk reporting on information systems in an appropriate way for different audiences, for example, to the board of directors so they understand the most significant risks, to business heads to ensure they are aware of risks relevant to their parts of the business and to individuals to understand their accountability for individual risks.
Skills and experience
Prior experience in a similar role.
Preferable: CISSP / CISSM / CRISC
Knowledge of ISO27001
Demonstrable experience in the design, implementation and ongoing support of information assurance frameworks.
Demonstrable experience with risk management techniques.
Knowledge of ISO31000, COBIT or other recognised risk management framework.
Knowledge of information technology and associated terminology.
Broad technical understanding of information security.
The successful candidate is probably an experienced Information Assurance Analyst in a service provider or end-user organisation who wants to progress their career into a management position and directly influence an organisation’s approach to Information Assurance and security.
This position is part of a rapidly-evolving IT support service operation that is moving much of its customer base to the cloud and so the successful candidate must be able to roll their sleeves up and get stuck in. This is not a role for someone who wants to simply create policy documents and issue edicts; rather this person needs to work with the IT groups to ensure buy-in and help them develop an appropriate level of documentation and process to do their job in a consistent and secure manner. To that end, a broad understanding of IT principles will be essential to building a level of mutual trust and respect with the IT organisation.
The successful candidate will have experience of collaborating with and educating business-focused people in understanding the requirement for, and implementation of, a mature Information Assurance strategy. You must be pragmatic and open to suggestions from the business so that a mutually acceptable level of risk mitigation can be implemented.
This is unlikely to be a suitable role for someone whose primary experience is in compliance or enforcement – the role is all about collaboration, education and mutual benefit to all parties.
+44 (0) 131 220 4748
+44 (0) 131 220 4281