Passa ai contenuti

Quality, Information Security & Privacy Lead

  • Hybrid
    • Swindon, England, United Kingdom
  • Quality

Job description

This role would suit someone looking to support a small team within a large organisation. Simplifying processes whilst maintaining key standards for the business.

You would be responsible for the management of the ISO 9001 and ISO 27001 management systems, the Cyber Essentials Plus certification, the supplier management of the critical internal supply chain, management of response to third-party information assurance requests, support to bids and tenders on Quality and Security matters; and any future security standards uplift required to support business activities.

 

Scope of Duties

Quality

  • Review and update the Quality Policy and Quality Objectives ensuring they meet the business needs and the annual Business Plan objectives as set by the Country Manager.

  • Conduct annual Quality Management reviews annually in conjunction with the management team.

  • Responsibility for the performance of the Internal Audit function covering both standards.

  • Work with an Internal Audit team to plan scheduled audits then subsequently monitor and report on the performance against plan for the Business year.

  • Manage issues and escalations from the Internal Audit to resolution.

  • Responsibility for the management of the ISO 9001 and ISO 27001 procedural documentation set and management systems.

  • Responsibility for retaining the accredited certification through the certification external audit lifecycle.

  • Work with the accreditor supplier to schedule, organise and run the annual external surveillance/ recertification audits.

  • Work with the management team to publish, manage and remedy corrective action findings arising from external audit in a timely manner.

  • Support the team with the following:

o   remedy corrective actions raised through internal audit findings in a timely manner.

o   conduct business and strategic risk reviews

o   conduct supplier reviews as required.

o   manage customer complaints and compliments to completion.

o   promote continual improvement and management of the organisational change as it affects   the management systems.

o   support the management team to maintain their information asset and physical asset register items.

Information Security

  • Reviewing and updating as approved, the Information Security Policies and Information Security Objectives for the business ensuring they match the Business Plan objectives and strategic direction set by the Country Manager

  • Responsibility for the maintenance of the ISO 27001 related process and procedural documentation set

  • Support the management team with the following:

o   to conduct information security risk reviews regularly

o   to maintain their information asset and physical asset register items.

  • Supplier management of the internal supply chain for Information Security controls with annual service reviews; joint risk management; SLA setting and performance measurement reporting back to the business.

  • Manage security incidents to resolution.

  • Perform required Information Security risk assessments as required for the business.

  • Create Information Security Waivers as required for the business.

  • Work with the Information Security Administrator to monitor and review the staff vetting process.

Cyber Security

  • Manage the business certification Cyber Essentials Plus.

  • Maintain the annual recertification to Cyber Essentials Plus with key supply chain involvement as required.

  • Manage the response to third-party information assurance requests and support to bids and tenders on Cyber Essentials topics.

Corporate Compliance & Privacy

  • Be the focal point for the management of Corporate Compliance requirements flowing down from the higher organisation levels; including but not limited to: Information Security; Cyber Security; Data Protection; Project Delivery; Legislative and Regulatory Compliance.

  • Privacy Governance in monitoring compliance and data privacy updates, advice to staff on the processing of personal data, upkeep of records and the point of contact for local breaches and issues.

Job requirements

Knowledge / Competencies

  • Five years or more experience managing ISO 9001 and ISO 27001 management systems within an IT environment.

  • Training and qualifications to support ISO 9001 and ISO 27001 standards.

  • A professional, self-starting, dynamic and positive attitude

  • Excellent communication and effective inter-personal skills with all levels

  • Excellent organisational skills and attention to detail

  • Experience of stakeholder management and able to influence at Senior Management Team levels.

  • Ability to multitask and prioritise workload.

  • Excellent planning and time management skills

  • Strong functioning knowledge of:

o   MS Project

o   Office 365

o   Cyber Essentials management and certification experience

  • Functioning knowledge of:

o   Project Server/ Enterprise Project Management System

o   SharePoint document libraries/ versioning and approvals

o   Knowledge of DevOps would be advantageous.

  • Desirable to have an understanding of software delivery and software testing lifecycles and experience working in a software environment.

  • Familiarity with Public Safety Command and Control/ Geospatial/ Infrastructure and GIS/ Defence solution supplier environments would be highly desirable.

Essential

  • Full, preferably clean driving licence

  • All candidates must either be security cleared or be prepared to obtain security clearance to SC (Security Check) and NPPV3 (Non-Police Personnel Vetting level 3) level. All job offers will be conditional subject to the candidate SC and NPPV3 level clearance prior to employment.

  • Lived in UK for at least the last 3 years to obtain clearance.

 

We Offer You

  • Hybrid Working

  • 25 days holiday (plus statutory holiday)

  • Employee award Schemes

  • Service award recognition

  • Company pension

  • Private health cover

  • GP online service

  • EAP support

  • Life cover

  • Good team culture

or

Apply with Linkedin unavailable
Apply with Indeed unavailable