Exciting opportunity for an experienced Information Security Officer to join global professional services organisation based in Glasgow.
You will have a key role in ensuring the security of their systems and data by evaluating the risks associated with third-party vendors and internal projects and recommending appropriate risk mitigation strategies. You will work closely with cross-functional teams across the organisation to ensure compliance with security standards and best practices. Key responsibilities will include:
1. Conduct vendor risk assessments and project security risk assessments based on established methodologies and frameworks.
2. Evaluate security risks associated with third-party vendors and internal projects, considering factors such as security, privacy, and compliance.
3. Identify vulnerabilities and potential risks and provide recommendations for risk mitigation strategies.
4. Ensure compliance with security policies, standards, and procedures in vendor relationships and project activities.
5. Develop and maintain security assessment frameworks and methodologies for vendor risk assessments and project security risk assessments.
6. Collaborate with procurement teams to assess and manage security risks associated with vendors.
7. Review vendor security documentation, such as questionnaires, audits, and certifications, to evaluate their security posture.
8. Provide guidance to procurement teams regarding security requirements and standards for vendor selection and ongoing monitoring.
9. Apply risk management principles to identify, assess, and prioritise security risks.
10. Conduct periodic reviews and audits to ensure compliance with security policies, standards, and regulatory requirements.
11. Support the development and enforcement of security policies, standards, and procedures related to vendor management and project security.
12. Risk and Control - Ensure that all activities and duties are carried out in full compliance with our regulatory requirements and internal policies.
Essential Skills and Experience:
1. Bachelor's degree in Computer Science, Information Technology, or a related field (or equivalent work experience).
2. Professional certifications such as CISA, CISM, or similar credentials are preferred.
3. Strong knowledge of information security principles, best practices, and standards (e.g., ISO 27001, NIST).
4. Experience in conducting vendor risk assessments and project security risk assessments.
5. Familiarity with security frameworks and assessment methodologies.
6. Knowledge of regulatory requirements related to data privacy and protection (e.g., GDPR, CCPA) is a plus.
7. Strong analytical and problem-solving skills.
8. Excellent written and verbal communication skills.
9. Ability to work independently and collaboratively in a team-oriented environment.
10. Attention to detail and a commitment to maintaining high-quality standards.
This role will offer a competitive market salary and comprehensive benefits package.
Hybrid work - with 3 days per week in their Glasgow office.