Information Security Coordinator

Department: Group services
Based: Hartlebury
Reporting to: Head of IT / Information Security Manager

Purpose

You will be responsible for assisting and driving the continual improvement, testing, implementation, and monitoring of security measures for the Group, working in an already established ISO27001 ISMS. The role will be focused on security risk management, security improvement, incident response planning, security governance, compliance and assurance activities.

Your work will be focused on improving the Group’s security posture through activities including risk assessments, policy development, threat assessments, compliance with security frameworks and regulations, certification with ISO 27001 and Cyber Essentials, incident response planning, incident response exercises, supplier security due diligence and more.

Although not a technical IT role, an understanding of technical security controls and concepts is required, covering network, endpoint, cloud and application security.

Principal Duties - Information Security

  • Ensure the company’s systems align with both the ISO27001 and Cyber Essentials certifications and any other industry-recognised standards such as NIST and NCSC.
  • Carry out risk assessments, identifying controls and monitoring controls against objectives and KPI metrics
  • Drafting, updating, and implementing security policies, procedures, and work instructions
  • Advising on and assisting with implementation of security governance and assurance activities, steering groups, internal auditing, and security testing activities
  • Providing security awareness training and supporting improved security awareness through training and content creation
  • Assist in providing ongoing security assurance of third-party suppliers.
  • Co-ordinate and review vulnerability testing using Nessus and other tools, and undertake risk analyses and security assessments
  • Knowledge share with other team members in security awareness, protocols, and procedures
  • Design and conduct security audits to ensure operational security
  • Respond in a timely manner to security incidents and provide post-incident analysis and root cause analysis
  • Research and recommend security upgrades to improve the company’s security posture
  • To liaise with 3rd parties when required
  • Input into ad-hoc projects when required

Principal Duties - Data Protection

  • To inform and advise team members about obligations to comply with the GDPR and other data protection laws.
  • To monitor compliance with the GDPR and other data protection laws, and with DRPG data protection policies, including managing internal data protection activities, raising awareness of data protection issues, and training team members
  • To advise on, and to monitor, data protection impact assessments

This list is not exhaustive, and you will be expected to work flexibly and undertake other such duties as the management may from time to time reasonably require.


About You

The Information Security Coordinator needs to be inquisitive, passionate about information security and self-motivated. This role requires great attention to detail and advanced analytical skills, as well as general technical knowledge across all domains.

An understanding of frameworks and controls from ISO27001/27002, NIST, OWASP will be beneficial, and information security qualifications are desirable.

Experience

  • Security+: CompTIA’s base-level security certification
  • An understanding of ISO27001:2013 ISMS and Cyber Essentials standards (ISO27001 Lead Implementer experience is ideal but not essential)
  • Detailed knowledge and understanding of GDPR

Skills

  • Good communication skills at all levels
  • Good problem-solving and analytics skills
  • Attention to detail

Characteristics

  • Willingness to consistently provide high levels of customer service
  • Positive attitude towards challenging situations and multi-tasking
  • Excellent time management skills
  • Self-motivated with the ability to work individually and as part of a wider team
  • Willingness to learn new skills and develop existing ones
  • Must be committed to making ‘anything possible’ with a ‘can do’ attitude

Other Requirements

  • Able to travel throughout the UK and overseas
  • Driving licence

Data Security

At all times you must work within the guidelines set out in the DRPG Information Security Policy and your Employee Confidentiality Agreement. Failure to do so may be treated as gross misconduct.

Further notes

The role will be based primarily in our Worcestershire head office. There will be times when this role will require you to work from the company’s other offices. You will be expected to work flexibly and undertake other related commercial duties both in the UK and overseas as the company may from time to time reasonably require.

At all times you must work within the guidelines set out in DRPG Health & Safety Policy and Employee Manual.

The company

Established in 1980, we're one of Europe's most experienced and largest, fully integrated, award-winning communications agencies. From the strategic communication consultancy, to our complete in-house production facilities for digital media, video, events & print, we deliver to companies of all sizes that span a wide range of markets.

DRPG is an equal opportunities employer.
