Information Security Officer 42024

Job Location: Birmingham - UK

Monthly Salary: Not Disclosed

Vacancy: 1 Vacancy

Job Description

Job ID: 42024
Location: Birmingham : 1 Trinity Park : Bi
Position Category: Information Technology
Position Type: Employee Regular

Who are LRQA

LRQA stands for dedication to clients, market firsts and deep expertise in risk management. We've grown to become a leading global assurance provider, bringing together outstanding expertise in certification, customised assurance, cybersecurity, inspection and training.

While we're proud of our heritage, it's who we are today that really matters, because that's what shapes who we and our clients can become tomorrow. By staying true to our shared values and combining decades of collective experience, we support our clients in building a safer and more sustainable future.

LRQA currently operates across 50 countries, has more than 2500 colleagues, generates 315m in revenue and supports more than 60000 clients across a diverse range of sectors and markets.

Role Purpose:

An Information Security Officer (ISO) is required to support LRQA's global operations to develop, improve and maintain the organisation's Information Security capability. Working closely with the Global CISO, the role will support the creation, development and implementation of the Information Security strategy and operations.

The Information Security Officer will play a crucial role in servicing client requirements relating to information security (including Military Defence and Critical National Infrastructure) whilst working with stakeholders across the globe to identify, manage and assess information security risks. The ISO will work proactively with Clients, IT Operations, Security Operations, Legal, Procurement, Learning and Delivery Teams to reduce and manage risk, increase awareness and champion adherence to our Information Security processes, policies and procedures.

Key Responsibilities:

  • Developing and maturing our supply chain verification. Working with suppliers and clients to ensure our security requirements, and those of our clients, are being proactively evidenced and managed.
  • Manage, maintain and continually improve LRQA's ISMS. Identify areas for improvement within the ISMS and take ownership of developing and executing plans for their resolution.
  • Lead and manage all certification activities related to ISO 27001:2022. Ensure that any business changes, acquisitions or transformations are accounted for within the scope of certification, for example through proactive risk identification and management with IT asset owners.
  • Develop and champion all Information Security Policies, Procedures and relevant standards. Produce supporting documentation and create training materials to ensure organizational compliance.
  • Orchestrate the continual improvement cycle using the 3 lines of defence to monitor and manage IT risk. Advocate for information security and provide guidance on its impact on business operations.
  • Work with newly acquired businesses to understand their existing security posture. Establish risk monitoring processes and integrate security practices in line with the overall organization's framework.
  • Proactively identify information security deficiencies or opportunities for improvement and facilitate development of pragmatic solutions.
  • Working with the DPO to ensure appropriate security is applied to data and provide reports / subject access requests.
  • Designing and delivering continual education and training to our colleagues to support them in identifying risks in their day-to-day operations, for example using phishing simulations and awareness campaigns.
  • Managing the security training, induction and awareness program for staff and volunteers across the organisation.
  • Providing advisory and consulting support to help the organisation improve its security posture and adhere to security policies, expected controls & regulatory requirements.

To conclude, the ISO is expected to keep up to date with the latest cyber security developments, news and market trends, and to use this information to support the continual improvement in information security across LRQA Group. The ISO is expected to be highly autonomous, technology astute and able to shape their own learning based on industry trends to aid LRQA and LRQA to deliver secure solutions to their clients.

The successful candidate should be able to demonstrate the following key skills:

  • Strong problem-solving skills with the ability to think strategically.
  • Detail-oriented, with the ability to manage multiple projects and tasks effectively.
  • Ability to drive cultural change and promote security best practices across the organization.
  • Experience working in a global, multi-business environment is a plus.

Technical/Professional Qualification requirements:

  • Proven experience in Information Security Management and IT risk management.
  • In-depth knowledge of ISO27001 to Lead Auditor standard.
  • Knowledge of relevant regulations (Data Protection, DORA, NIS2)
  • Knowledge of the Three Lines of Defence Model and its application
  • Knowledge of vulnerability management and Identity and Access Management
  • A recognised IS qualification (e.g. CISA, CISM, CISSP, ISO 27001 Lead Auditor)

Our Values:

We care

We care about the safety of everyone.

We respect each other and the wider communities we work in.

We're passionate about giving back to society, leaving the world a better place than we found it.

We care about each other, our customers and the environment.

We share our expertise

We strive to be the leaders in our profession with unparalleled expertise.

We're committed to quality and work together to find the best solution.

We're inquisitive and curious, and never stop learning to further our knowledge.

We share our expertise with each other, with our customers and with all of our stakeholders.

We do the right thing

We're independent and impartial.

We show integrity in everything we do.

We're brave and courageous, and we never compromise on standards or safety.

We do the right thing in every situation.

Diversity and Inclusion at LRQA:

We are on a mission to be the place where we all want to work, and we are passionate about embracing different perspectives because we understand the value this brings to our business, our clients and each other. We are all about creating a safer and more sustainable future, and our inclusive culture is right at the heart of our business.

Together our employees make our communities better, and we want you to be part of our diverse team!



Required Experience: Unclear Seniority

Employment Type: Full Time
