Information Security and Assurance Advisor

JOB PURPOSE: To provide expert guidance and specialist advice on all aspects of information assurance, security, and risk management. The role ensures the development and implementation of relevant policies, procedures, and processes necessary for compliance with national standards and codes of connection for information systems. This role includes maintaining the Information Security Incident Register, coordinating investigations into reported incidents, and recommending corrective measures to prevent recurrence. The postholder will also undertake onsite audits of facilities and assessments of third-party suppliers to ensure compliance with expected security and assurance standards. Additionally, the role supports departments with completing Data Protection Impact Assessments and offers professional advice on information assurance and security-related matters.

MAIN RESPONSIBILITIES:

• Support the Information Security and Assurance programme to ensure assurance and compliance processes meet national standards and reporting requirements (e.g. SyAP).
• Develop, review, and implement policies and best practices for managing information and cyber security, in alignment with organisational needs.
• Establish and apply techniques to regularly assess compliance of information assets with legal, regulatory, and best practice requirements.
• Serve as a point of contact for queries on information security and assurance.
• Plan and conduct information security audits and compliance checks, ensuring the security of systems, data, and physical assets across the organisation and third-party entities.
• Identify and assess security requirements, producing Risk Assessment Reports and reviewing related documentation for new or evolving systems, assets, and processes.
• Coordinate the investigation and reporting of information security incidents, ensuring appropriate remedial action is taken and trends are monitored.
• Prepare and deliver training, education, and awareness sessions related to information security, assurance, and risk management.
• Work collaboratively with key internal and external stakeholders-including third-party suppliers-ensuring best practices and compliance with relevant legislation and standards.
• Stay informed on developments in legislation, practices, and tools related to information security and data protection, fostering continuous improvement and innovation.
• Represent the organisation in internal and external meetings, promoting information security standards and contributing to relevant partnerships and working groups.
• Perform other duties as appropriate to the nature and level of the role.

Regular travel across operational areas may be required.

PERSON SPECIFICATION

Knowledge:

• A Levels or equivalent.
• Recognised qualification in information security, data protection, or risk (e.g. CISM, CISSP, CRISC, BCS DPO, etc.).
• In-depth understanding of ISO 27001, NIST, or other relevant security frameworks.
• Up-to-date knowledge of data protection legislation and associated best practices.
• Understanding of cross-functional areas affecting security (e.g. HR, procurement, tech infrastructure).
• Familiarity with principles of information confidentiality, integrity, and availability.

Experience:

• Operational delivery of security assurance in a multi-site environment.
• Managing compliance with standards like PSN or SyAP.
• Developing and enforcing information security and assurance policies.
• Performing internal audits and managing accreditation processes.
• Facilitating high-level stakeholder engagement.
• Collaborating with external agencies and partners on security issues.

Key Skills:

• Ability to manage workloads, meet deadlines, and adapt to changing priorities.
• Strong communication and interpersonal skills for influencing and explaining complex topics.
• Discretion and professionalism when handling sensitive information.
• Capability to work independently on complex investigations.