Information Security Compliance Officer

King's Service Centre

King's Service Centre is home to an innovative and forward-thinking team supporting the services of King's College London.

Department: Office of the CIO - Office of the CIO

Employment Type: Permanent - Full Time

Location: Newquay, Cornwall, UK

Description

Information Security Compliance Officer

The Information Security Compliance Officer has a joint reporting line to both the Head of IT Assurance and the Associate Director of Information Security Assurance. Their work is reported on a termly basis to the Audit, Risk and Compliance Committee, and internal information security governance groups quarterly.

The role will focus mainly on supporting compliance with the ISO/IEC 27001 and ISO/IEC 27005 Standards for the University, as well as contributing to building and maintaining the Information Security Management System that coordinates internal policies and processes. Other aspects to the role include an internal audit function to support standards and continual improvements.

Our people are at the heart of King’s strategic ambitions. By supporting our staff to develop their potential within a positive and inclusive culture, we are building a thriving staff community. As such, it is essential that the candidate upholds our Principles in Action by displaying the four key behaviours: include, challenge, support, and connect.

This role is based within the IT Assurance team at King’s Service Centre in Cornwall; however, there will be some need to travel to the London campuses.

Key Responsibilities

1. Support the Associate Director of Information Security Assurance in developing the compliance elements of ISO/IEC 27001:2022.
2. Monitor the University’s compliance with regulations and internal policies.
3. Contribute to the development of ongoing key performance indicators.
4. Contribute to the improvement of information security culture across the University by building relationships and supporting best practices through recommendations.

The above list of responsibilities is not exhaustive, and the post holder will be required to undertake such tasks and responsibilities as may be reasonably expected within the scope and grading of this post.

Key Skills, Knowledge and Experience

The role holder should possess a good working knowledge of information security best practices, but it is not essential for them to have a deep knowledge of all areas. These areas include, but are not limited to:

1. ISO/IEC 27001:2022, 27002:2022 and 27005:2022 Standards
2. NIST and CIS Controls
3. Payment Card Industry Data Security Standards (PCI DSS)
4. Compliance monitoring and auditing
5. Development of information security-related policies

While it is helpful for the role holder to have some knowledge and experience in a selection of these areas, it is more important that they can research the legislative and regulatory frameworks that impact departments across the University and can apply critical judgement to the performance of management against that framework. Candidates who have a background in operational IT Security, Cyber Security, or in internal audit or assurance assessment will be well suited to this role. In addition, the successful candidate will be expected to be well-organised, thorough, and have an eye for detail. They will be expected to complete work on their own, exercising their own judgement and have the ability to communicate with all levels of staff, including the ability to negotiate outcomes with senior management. Experience of completing compliance assessments or performing the collation and analysis of appropriate information to meet compliance questionnaires or audits would be beneficial.

Essential Criteria:

1. A good understanding of current technical security products used as operational IT security controls.
2. An ability to thoroughly research and understand all legal and regulatory frameworks which apply to Higher Education in England, to provide appropriate levels of assurance on activity at the University.
3. Thorough understanding of risk management and an appreciation of the effective application of risk appetite.
4. An ability to influence, negotiate and build relationships at all levels of the organisation.
5. An ability to prepare reports with an appropriate level of detail for the anticipated audience, including an ability to make practical recommendations for remedial actions.
6. Team player, but with an ability to work independently and proactively to a set of high-level criteria.
7. Rigorous, analytical approach with an eye for detail.
8. Ability to work under pressure and to deadlines, and to coordinate with others to meet internal team deadlines.
9. Excellent relationship-building skills.
10. Excellent presentational skills in both written and oral communications.

Desirable Criteria:

1. Experience or detailed understanding of the UK Higher Education system.
2. Certification in any of the following: ISO 27001 (Foundation or Lead Implementer), ISO 27001 Lead Auditor, CC, CompTIA Security+.