Information Security GRC Specialist - 6 month FTC - Milton KeynesAbout MIB At MIB our people are passionate about making roads safer by getting uninsured and hit-and-run drivers off our roads. Working in partnership with the Police, Insurers and Government our collective aim is to make it a thing of the past but, until that’s accomplished, we’re here to compensate victims quickly, fairly and compassionately. Last year we helped more than 34,000 people struck by uninsured and hit-and-run drivers and paid over £400 million in compensation to support victims rebuild their lives. We're looking for a professional and inspiring GRC Specialist to come and join our team. About Our Role As a member of the Information Security - Governance Risk and Compliance team (InfoSec GRC), you'll maintain the confidentiality, availability and integrity of MIB’s information and information systems. This will primarily be achieved through identification and recommendation of risk mitigation treatment plans and as a subject matter specialist to support the needs of the organisation. Key responsibilities Governance Support the GRC Manager with the development, alignment of an Information Security StrategyDevelopment, review and alignment of Information Security PolicyCreate, deliver and maintain information security awareness programmesEnsure InfoSec policies, procedures and standards are accessible, communicated and understood by employees, contractors and vendors, delivering training when required. Attendance of relevant governance groups within MIB to ensure complete, transparent and effective risk management is delivered Producing management information (Dashboard) that clearly reflects MIB’s information security risk profileEstablish and maintain a community of Information Security ‘Champions’ throughout the organisationAct as an Information Security subject matter specialist to the businessEstablish mechanisms, behaviours and culture to encourage the protection of MIB information and information systems Risk Management and maintenance of the ISS Risk Register, ensuring risks are actively identified and managed or exemptions are approved and recorded.Completion of InfoSec risk assessments and workshops.Ensuring that InfoSec risk governance and control frameworks are maintained and that risks/issues are reported and escalated appropriately.Review, challenge and track the implementation and effectiveness of controls and risk mitigation treatment plans as a result of a risk assessmentEnsure appropriate management focus for any vulnerability that could damage the confidentiality, integrity or availability of MIB information or information systems.Track and record information security incidents and to ensure risk mitigation controls are appropriate and proportionate and that exposure is minimized.Support the Information Security Incident response process as requiredFacilitate a process of continuous improvement in the delivery of information security services to MIB Compliance To work with all teams to track requirements and compliance with relevant Legislation, Regulations, Standards and Frameworks as they pertain to Information SecurityEnsure compliance is maintained with our critical security compliance certification of ISO27001 Measure the performance and compliance of key MIB controls which include (but are not limited to): MIB information security policiesDelivery governance gateways Technical controlsDevelop, implement and maintain a rolling 12-month compliance schedule Skills and Experience The jobholder must have a thorough understanding of the Information security threat landscape, significant risks, technical developments and strategiesExtensive experience in the IT marketplace, as a security practitionerExperience and knowledge of leading information security risk assessmentsProven experience in writing Information Security policies, procedures and standardsExperience in maintaining all aspects of ISO27001/2 complianceWorking knowledge of standard risk management/control frameworks such as ISF, NIST, ISO and ITIL.Demonstrable experience in creating a sustainable compliance capabilityExcellent written and oral communication skillsAble to present risk in ‘non-technical’ business-friendly accessible languageAbility to effectively prioritise and execute tasks in a high-pressure environment One or more of the following qualifications are highly desirable. Certified Information Systems Security Professional (CISSP)Certified Information systems Auditor (CISA)Certified Risk and Information Systems Control (CRISC) Salary £67,000 Fixed Term Contract for 6 months Grade 13 35 hours per week (Monday - Friday) IT kit supplied to you £320 (before tax) start up allowance Hybrid working (2 days in the office per week) from our newly refurbished Milton Keynes office, MK14 Other Benefits include: Contributory Group Stakeholder Personal pension scheme Life Assurance Employee Incentive Scheme 27 days holiday (plus public holidays) Holiday purchase scheme Sports and Social Club 24/7 Employee Assistance Programme Free access to online tools to support mental and physical health Enhanced maternity, paternity and adoption leave 1 volunteer day each year and charity matched funding scheme We believe in a workplace where everyone can be themselves. Through our different ideas, personalities and experiences, we redefine what is possible every day. And regardless of your colour, age, race, gender, sexual orientation or anything else you consider yourself to be, there is a place for you at MIB. A place where you can bring your best self to work every day. So, if you think big, love a challenge and want to make a difference to people’s lives, we want to hear from you.