Information Security GRC Specialist

Full-Time 40000 - 68000 £ / year (est.) No home office possible

At a Glance

  • Tasks: Join our team to enhance information security and manage risk effectively.
  • Company: MIB, dedicated to making roads safer for everyone.
  • Benefits: Competitive salary, hybrid working, generous holiday, and wellness support.
  • Why this job: Make a real difference by protecting vital information and supporting victims.
  • Qualifications: Experience in information security and risk management is essential.
  • Other info: Inclusive workplace culture with opportunities for personal and professional growth.

The predicted salary is between 40000 - 68000 £ per year.

About MIB

At MIB our people are passionate about making roads safer by getting uninsured and hit-and-run drivers off our roads. Working in partnership with the Police, Insurers and Government, our collective aim is to make it a thing of the past but, until that’s accomplished, we’re here to compensate victims quickly, fairly and compassionately. Last year we helped more than 34,000 people struck by uninsured and hit-and-run drivers and paid over £400 million in compensation to help victims rebuild their lives. We’re looking for a professional and inspiring GRC Specialist to come and join our team.

About Our Role

As a member of the Information Security - Governance Risk and Compliance team (InfoSec GRC), you’ll maintain the confidentiality, availability and integrity of MIB’s information and information systems. This will primarily be achieved through identification and recommendation of risk mitigation treatment plans and as a subject matter specialist to support the needs of the organisation.

Key responsibilities

  • Governance
    • Support the GRC Manager with the development and alignment of an Information Security Strategy
    • Development, review and alignment of Information Security Policy
    • Create, deliver and maintain information security awareness programmes
    • Ensure InfoSec policies, procedures and standards are accessible, communicated and understood by employees, contractors and vendors, delivering training when required.
    • Attendance of relevant governance groups within MIB to ensure complete, transparent and effective risk management is delivered
    • Producing management information (Dashboard) that clearly reflects MIB’s information security risk profile
    • Establish and maintain a community of Information Security 'Champions' throughout the organisation
    • Act as an Information Security subject matter specialist to the business
    • Establish mechanisms, behaviours and culture to encourage the protection of MIB information and information systems
  • Risk
    • Management and maintenance of the ISS Risk Register, ensuring risks are actively identified and managed or exemptions are approved and recorded.
    • Completion of InfoSec risk assessments and workshops.
    • Ensuring that InfoSec risk governance and control frameworks are maintained and that risks/issues are reported and escalated appropriately.
    • Review, challenge and track the implementation and effectiveness of controls and risk mitigation treatment plans as a result of a risk assessment
    • Ensure appropriate management focus for any vulnerability that could damage the confidentiality, integrity or availability of MIB information or information systems.
    • Track and record information security incidents and ensure risk mitigation controls are appropriate and proportionate and that exposure is minimised.
    • Support the Information Security Incident response process as required
    • Facilitate a process of continuous improvement in the delivery of information security services to MIB
  • Compliance
    • To work with all teams to track requirements and compliance with relevant Legislation, Regulations, Standards and Frameworks as they pertain to Information Security
    • Ensure compliance is maintained with our critical security compliance certification of ISO*****
    • Measure the performance and compliance of key MIB controls which include (but are not limited to): MIB information security policies, Delivery governance gateways, Technical controls
    • Develop, implement and maintain a rolling 12-month compliance schedule

Skills and Experience

  • The jobholder must have a thorough understanding of the Information security threat landscape, significant risks, technical developments and strategies
  • Extensive experience in the IT marketplace, as a security practitioner
  • Experience and knowledge of leading information security risk assessments
  • Proven experience in writing Information Security policies, procedures and standards
  • Experience in maintaining all aspects of ISO******* compliance
  • Working knowledge of standard risk management/control frameworks such as ISF, NIST, ISO and ITIL.
  • Demonstrable experience in creating a sustainable compliance capability
  • Excellent written and oral communication skills
  • Able to present risk in 'non-technical' business-friendly accessible language
  • Ability to effectively prioritise and execute tasks in a high-pressure environment
  • One or more of the following qualifications are highly desirable: Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Risk and Information Systems Control (CRISC)

Salary £67,000

Fixed Term Contract for 6 months

Grade 13

35 hours per week (Monday - Friday)

IT kit supplied to you

£320 (before tax) start up allowance

Hybrid working (2 days in the office per week) from our newly refurbished Milton Keynes office, MK14

Other Benefits include:

  • Contributory Group Stakeholder Personal pension scheme
  • Life Assurance
  • Employee Incentive Scheme
  • 27 days holiday (plus public holidays)
  • Holiday purchase scheme
  • Sports and Social Club
  • 24/7 Employee Assistance Programme
  • Free access to online tools to support mental and physical health
  • Enhanced maternity, paternity and adoption leave
  • 1 volunteer day each year and charity matched funding scheme

We believe in a workplace where everyone can be themselves. Through our different ideas, personalities and experiences, we redefine what is possible every day. And regardless of your colour, age, race, gender, sexual orientation or anything else you consider yourself to be, there is a place for you at MIB. A place where you can bring your best self to work every day. So, if you think big, love a challenge and want to make a difference to people’s lives, we want to hear from you.

Information Security GRC Specialist employer: MIB

At MIB, we pride ourselves on being an exceptional employer, offering a supportive and inclusive work culture that values diversity and encourages personal growth. Our Milton Keynes office provides a modern working environment with hybrid options, competitive benefits including a generous holiday allowance, and opportunities for professional development, all while contributing to a meaningful mission of making roads safer for everyone.

Contact Detail:

MIB Recruiting Team

StudySmarter Expert Advice 🤫

We think this is how you could land Information Security GRC Specialist

✨Tip Number 1

Network like a pro! Reach out to people in the industry, attend events, and connect with current employees at MIB. A friendly chat can sometimes lead to opportunities that aren’t even advertised.

✨Tip Number 2

Prepare for interviews by researching MIB’s mission and values. Show us how your skills align with making roads safer and supporting victims. Tailor your answers to reflect our goals!

✨Tip Number 3

Practice your responses to common interview questions, especially around risk management and compliance. We want to see your expertise shine through, so be ready to share specific examples from your experience.

✨Tip Number 4

Don’t forget to apply through our website! It’s the best way to ensure your application gets seen by the right people. Plus, it shows you’re genuinely interested in joining our team.

We think you need these skills to ace Information Security GRC Specialist

Information Security Governance
Risk Management
Compliance Management
ISO Compliance
Information Security Policy Development
Risk Assessment
Incident Response
Communication Skills
Training and Awareness Programmes
Technical Controls
Continuous Improvement
Stakeholder Engagement
Ability to Present Technical Information in Business-Friendly Language
Knowledge of Risk Management Frameworks (ISF, NIST, ISO, ITIL)

Some tips for your application 🫡

Tailor Your Application: Make sure to customise your CV and cover letter to highlight your experience in Information Security and GRC. Use keywords from the job description to show that you understand what we're looking for.

Showcase Your Skills: Don’t just list your qualifications; explain how they relate to the role. If you've got experience with ISO compliance or risk assessments, make it clear how that will benefit us at MIB.

Be Clear and Concise: Keep your writing straightforward and to the point. We appreciate clarity, so avoid jargon unless it's relevant to the role. Remember, we want to see your personality shine through!

Apply Through Our Website: We encourage you to submit your application directly through our website. It’s the best way for us to receive your details and ensures you’re considered for the role without any hiccups.

How to prepare for a job interview at MIB

✨Know Your Stuff

Make sure you brush up on the latest trends in information security and GRC frameworks like ISO, NIST, and ITIL. Being able to discuss these topics confidently will show that you're not just familiar with the basics but are genuinely passionate about the field.

✨Tailor Your Examples

When discussing your experience, focus on specific examples that relate to MIB's mission of making roads safer. Highlight any past roles where you've successfully implemented risk management strategies or developed security policies that align with their goals.

✨Communicate Clearly

Since you'll need to present complex information in a business-friendly way, practice explaining technical concepts in simple terms. This will demonstrate your ability to bridge the gap between technical and non-technical stakeholders, which is crucial for this role.

✨Show Your Team Spirit

MIB values collaboration, so be prepared to discuss how you've worked effectively within teams in the past. Share examples of how you've engaged with colleagues to promote information security awareness or foster a culture of compliance.
