Information Security Officer
Location: London, UK
Reports to: Chief Information Officer
Description
Under the general direction of the CIO, the Information Security Officer (ISO) is responsible for the delivery of a comprehensive information security and privacy programme for Phorm.
The scope of this programme is company-wide and includes information in electronic, print and other formats. The purposes of this programme are: to ensure that information created, acquired or maintained by Phorm and its authorised users is used in accordance with its intended purpose; to protect Phorm information and its infrastructure from external or internal threats; and to ensure that Phorm complies with statutory and regulatory requirements regarding information access, security and privacy.
Primary Responsibilities
- With the CIO, coordinate the development of Phorm information security policies, standards and procedures. Work with key constituencies in the development of such policies
- Ensure that Phorm policies support compliance with external requirements
- Oversee the dissemination of policies, standards and procedures to the company
- Coordinate the development and delivery of an education and training program on information security and privacy matters for employees and other authorized users
- Serve as the Phorm compliance officer with respect to legal information security policies and regulations. Prepare and submit required reports to external agencies. Enforce security policy for all
- With CIO, develop and implement an Incident Reporting and Response System to address security incidents (breaches), respond to alleged policy violations, or complaints from external parties
- Serve as the official contact point for information security, privacy and copyright infringement incidents, including relationships with law enforcement entities
- Coordinate the immediate response to security incidents and, afterwards, prepare a detailed report of the incident, its outcomes, and the recommendations arising
- With CIO, develop and implement an ongoing risk assessment program targeting information security and privacy matters; recommend methods for vulnerability detection and remediation, and oversee vulnerability testing
- With CIO, develop and implement security infrastructure and systems, including firewalls, central CA and PKI, and systems for data backup and information integrity including content scanning and virus protection
- Act as Phorm's representative on Information Security matters; serve as the contact point for external auditors and agencies, survey requests, etc. on security/privacy matters
- Keep abreast of latest security and privacy legislation, regulations, advisories, alerts and vulnerabilities
- With the CIO, develop and oversee company-wide disaster recovery preparations, testing and execution
Qualifications
- The role is a combination of high-level policy development and dissemination, and hands-on work in implementation, enforcement and incident response
- The ideal candidate will have a combination of relevant qualifications (including education to degree level, and certification such as CISSP), and experience (a strong technical background being essential)
- The personal qualities required are intelligence, adaptability, and the ability to generate and agree objectives with the CIO and intra-company groups, then pursue them effectively and on own initiative, while reporting progress and highlighting changes in timescale or project scope
- Education: Bachelor's degree required
- Experience: Minimum 3 years of experience in information security, information technology or related field
- Experience in developing and administering an information security program desirable
- Excellent project management, written and oral communications skills desired
- Ability to work collaboratively with a broad range of constituencies essential
Submit CV
You may send your cover letter and CV (in Word format) to careers@phorm.com.