Information Security and Assurance Advisor
Permanent
Full time
To provide professional guidance and specialist advice with regard to all information assurance, security and risk matters and ensure development and implementation of all necessary policies, procedures and processes to achieve compliance with national codes of connection for Police information systems and the SYAP.
To support the maintenance of the Warwickshire Police Information Security Incident Register, manage and coordinate the investigation of reported incidents and if required make recommendations on corrective measures to prevent a re-occurrence.
To undertake onsite auditing of Police facilities for information security and assurance issues, and undertake 3rd Party Supplier assessments to ensure they meet expected security and assurance compliance levels.
To support departments with completing data protection impact assessments and providing information assurance and security advice and guidance on matters.
To support the Warwickshire Police Information Security and Assurance programme to enable appropriate assurance and compliance processes and ensure they meet with wider mandatory information security and assurance requirements and national reporting standards. To develop, review and implement policies and best practice for the ongoing management and maintenance of information security and cyber security management. To support the work of the Information Assurance Team and Cyber Security functions within the Force.
# To implement processes and techniques to regularly assess information assets for compliance with security policies, national policing and best practice information assurance standards, legal and regulatory requirements.
# To be a point of contact for information security and assurance queries.
# To plan and undertake information security audits and compliance checks to ensure the physical and data security protection of all information systems and information assets, ensuring compliance with information security requirements, national guidance, standards, policies, and information risk management, covering both the Force and relevant Suppliers and 3rd parties.
# To identify information security and assurance requirements creating Risk Assessment Reports and/or reviewing other associated assurance documentation, where there are new or changed processes, information assets or activities; working with business areas and project leads to ensure that appropriate assurance is undertaken and documented.
# Co-ordinate investigative and reporting action of all actual and suspected information security incidents, ensuring that action is taken to prevent reoccurrence and incident trends are monitored to inform organisational learning.
# To prepare and deliver information security training, education, and awareness in relation to information security, information assurance and information risks.
# To actively engage all key stakeholders, including partner agencies and third-party suppliers, sharing, storing or processing information owned by Warwickshire Police in the application of information security best practice and relevant standards, ensuring compliance with legislation, statutory requirements, national and best practice standards, Home Office legislation and statutory guidance.
# To maintain awareness and up to date knowledge of all current relevant information security management and data protection legislation, methods and practices ensuring that an environment of continuous improvement, innovation and emerging best practice are evaluated.
# Regular travel throughout Warwickshire
To hold a recognised information security, data protection or information risk qualification (e.g. Certified Information Security Manager (CISM), CISSP, GCRC, CRISC, DP PDP, BCS etc.).
Sound practical knowledge of current Information Security Cyber and Assurance Management standards and best practice (including ISO 27001/NIST Framework).
Sound practical knowledge of current data protection legislation, standards and practice.
Knowledge and understanding of the Technical, Human Resource, Procurement, Project, and Physical Security issues that impact upon information security and assurance.
Able to demonstrate a good understanding of information security concepts and practices concerned with maintaining the confidentiality, integrity, and availability of information.
3rd party and onsite security and assurance auditing
Experience of operational delivery of information security in a multi-site organisation.
Demonstrable experience of Public Sector Network (PSN)/SYAP compliance requirements including evidenced understanding of maintaining accreditation.
Experience of developing and implementing information security and assurance policies and procedures.
Experience of liaising with other organisations and agencies on information security matters.
Ability to undertake sensitive enquiries with limited supervision and to manage and keep secure sensitive material.