Information Security Auditor
We are looking for an experienced Information Security Management System (ISMS) operator to be the key point of contact for a number of security and regulatory roles, including liaison with the data protection regulator (ICO) and the payment services regulator (FCA).
You will work in a security compliance team alongside our (outsourced) statutorily defined Data Protection Officer and our representative within the EU (for data protection legislation purposes).
Internally, the Information Security Auditor operates or oversees a number of key functions: leading security breach investigations, project managing aspects of our (nascent) PIA processes, running day-to-day ISO 27001 ISMS operations including supplier management, running our senior management security forum, running risk management operations, and owning the documentation used by the sales team and other internal stakeholders for security audits and customer due diligence.
You will be joining at a key point in Intelliflo's growth: Intelliflo, the UK market leader recently acquired by Invesco, is moving to deploy our Intelligent Office platform globally, and we are starting to transition from our own datacentres to AWS.
Key Responsibilities: High-level Responsibilities
• Leading and project managing security breach investigations and follow-up.
• Maintaining a very strong understanding of the security aspects of the Data Protection Act 2018, the Network and Information Systems (NIS) Directive and the Payment Services Regulations that Intelliflo is subject to and regulated under.
• Running Data Subject Rights investigations and complaints.
• Developing a good understanding of our SaaS platform and of financial advice, both of which are critical to the role.
• Dealing with requests from our regulators.
ISO 27001 ISMS
• Operating our Information Security Management System (ISMS)
• Operating and developing the risk register, run with project management discipline.
• Operating and developing our Supplier Management processes.
• Working with senior stakeholders in Risk and Security Management meetings.
• Managing the completion of recurring customer due diligence activity and related new customer due diligence activity.
The successful candidate will also need the following, which includes but is not limited to:
• Understanding of SaaS or hosting businesses.
• Strong understanding of the intersection of security and data protection theory, relevant legislation and how it is applied by regulators.
• Strong understanding of the security aspects of payment services regulation, how we are regulated under these and what this requires us to do.
• Understanding how to operate a multi regulation compliance framework.
• Able to understand technology well enough to effectively audit internal security functions.
• Vendor liaison for technical solution engagements.
• Providing mentoring and knowledge transfer to colleagues.
• Any other related duties as assigned by the Line Manager from time to time.
KPIs and Measures: • Declining number of issues found in audits.
• Data Subjects Rights requests processed to appropriate deadlines.
Key Deliverables: • SaaS hosting platforms – performance, security, availability, recoverability
• Back office platforms – performance, security, availability, recoverability
• Systems documentation
• Systems utilisation, capacity and performance reports
• Environment provisioning as required by delivery
Direct Reports: • None
Stakeholders: • Senior Management Team, in particular the Head of Operations, Head of Architecture, CEO and CTO
• Data Protection Officer
• Invesco Privacy Team and Chief Privacy Officer
• Intelliflo Legal (DAC Beachcroft and Invesco Legal)
• Operations Team
• Technical Architects
• Project Managers
• Application Support Team
• Account Management Team and Sales
• Third-party suppliers, consultants
• Enterprise Customers
• Business Intelligence Team
Competencies: Personal Skills
• Able to express and explain complex regulatory or ISMS issues to colleagues and stakeholders in simple, business-focused language.
• Strong organisational and time management skills
• Able to maintain an understanding of the evolving regulatory landscape.
• Proven planning and prioritisation abilities.
• Able to use initiative and work under pressure with accuracy and focus.
• Problem solving.
• Understanding of project management, how projects are planned and executed.
• Excellent numeracy, data-driven reasoning and decision making.
• Outstanding collaboration and team working.
• Excellent communication, both written and verbal.
• An understanding of the financial advice marketplace in the UK.
Essential Functional Skills
• Strong leadership.
• Understanding how to operate and develop our ISMS.
• Understanding the overlap between our regulatory regimes, and how to create a single compliance management system that satisfies multiple regulatory regimes.
• Understanding of how tasks should be automated.
• Creating and managing documentation and policy documents.
• Strong understanding of technology businesses.
Desirable training and knowledge
• GDPR lead practitioner, ISO lead auditor or implementer, or other data protection qualifications.
Qualifications: Required qualifications
• Degree level education in computer science, technology or related discipline or a number of years working in a technology company.
• ISO lead auditor (ISOQAR).
• ISO lead implementer (ISOQAR).
• GDPR lead practitioner or other data protection qualifications.
Referral Scheme: If this role isn't for you then perhaps you could recommend a friend or colleague to Haybrook IT. If we go on to place that person in a permanent or temporary capacity then you could be rewarded with £500.
Haybrook IT Resourcing is Oxford’s leading IT Recruitment agency. With exclusive access to some of the region’s most successful companies, send in your CV today to secure your next IT position.
Haybrook IT Resourcing Ltd acts as an employment agency and an employment business.
We value diversity and always appoint on merit.