POSITION OVERVIEW

This role sits within the Information Security Team and will support the development, implementation and execution of the Information Security Management System to protect the business from security threats. You will support a range of security-related activities such as security risk and threat assessments, 2nd line of defence control testing, monitoring and reporting of security compliance against ISO 27001, and GDPR compliance activities.

PRINCIPAL TASKS AND RESPONSIBILITIES

  Contributing to risk assessments, helping to identify security risks, threats and appropriate mitigation measures.
  Monitoring of technology, process and people-based security initiatives and risk mitigation measures to ensure continuous improvements within our information security framework.
  Supporting the annual information security business plan including audits, tests, risk assessment activities and additions to the information security delivery framework, e.g. policy updates.
  Supporting third party security due diligence activities.
  Completion of GDPR compliance activities such as data protection impact assessments, responding to data breaches and data subject access requests.
  Helping to promote and foster a strong awareness of information security and data protection throughout City.
  Other similar duties deemed appropriate for the role and skillset.

KEY RESULT AREAS

  Maintenance of ISO 27001 certification
  Alignment to NIST CSF target maturity
  Compliance with GDPR requirements
  Compliance with customer specific security requirements

SKILLS/EXPERIENCE CRITERIA (ESSENTIAL / DESIRABLE)

Professional/Academic/Vocational Qualifications
  Degree level qualification or equivalent experience in Information Security or other related course
  Relevant security certifications such as ISC2 Certified in Cybersecurity; CompTIA Security etc.

Specific Knowledge
  Awareness of information security best practice standards such as ISO 27001/NIST CSF
  Awareness of GDPR and other related data privacy guidance
  Data loss prevention
  Technical knowledge of computer networks, operating systems and security technologies
  Audit & risk assessment processes

Specific Skills
  Ability to build relationships with a variety of stakeholders
  Strong risk-based analysis and decision-making skills
  Strong communication skills (verbal and written)
  Control testing
  Power BI reporting

Demonstrated Behaviours
  Good business sense
  Proactive
  Willing to learn
  Problem-solver mindset
  Excellent interpersonal skills
  Creativity
  Communicate Up, Down, and Across All Levels of an Organisation
  Pragmatic and flexible approach