Career Level Not Specified
Experience Not Specified
Industry Not Specified
Qualifications Not Specified
• To promote information security practices throughout the Council. To develop and deliver information security awareness training to motivate employees to make compliance and information security an inherent part of the corporate culture.
• To develop and maintain Information Security policies and procedures.
• To conduct Information Security related audits and assist with any other Information Security tasks necessary to prevent the unauthorised use, release, modification or destruction of data.
• Recommend and implement changes in security policies and practices in accordance with changes in regulatory compliance.
• Manage the Council’s information security incident reporting process ensuring that incidents are recognised, properly investigated and recorded and that lessons are learned. To lead on investigations and liaise with third parties, including the Information Commissioners Office, when required.
• Work with project teams to ensure that new projects and changes adhere to information security policies and information management best practice by championing and supporting the corporate wide adoption of Privacy Impact Assessments to support a ‘security by design’ culture.
• Take forward a programme of work on behalf of the Council’s Information Governance Group and lead on significant business change projects as required.
Skills & Experience:
* Detailed knowledge and practical understanding of legislation, regulation, policies, procedures and standards for information management.
* Practical knowledge of information security principles and best practice.
* Experience of successfully developing and delivering security awareness training to staff at different levels of an organisation.
* Experience in managing information security risks and investigating and reporting on incidents.
* Experience of conducting Privacy Impact Assessments.
* Experience of securely handling sensitive material with a high level of accuracy and attention to detail.
Relevant Information Security qualification