Security and Compliance Officer
Advanced | Operations (Managed Services) | Birmingham, England
Advanced is the UK’s third largest provider of business software and services with a £254m turnover, 16,000 customers and 2,500 employees. We provide enterprise and market-focused solutions that allow our customers to reimagine what is possible, innovate in their sectors and improve the lives of millions of people in the UK.
Advanced solutions help to care for 65 million patients in the UK, send 10 million sports fans through the turnstiles, manage over £1 billion in charity donations, support 2.5 million students and get over 1.2 billion passengers to their destinations on time.
We support both Public and Private Organisations in Healthcare, Business, Education, Sports, Finance, Transport and Legal, covering everything from local Government and Charities through to Critical National Infrastructure and Large organisations.
Information Security is a key requirement of any business and even more so for Advanced. To do this we need to challenge the status quo, collaborate, standardise and automate in order to build and improve relationships with our current and future clients.
The Security Compliance team are responsible for the delivery of Governance, Risk and Compliance (GRC) across the business enabling services to our customers. You will be part of a wider team covering all aspects of Information Security and reporting into the Security Compliance Manager.
Main Duties and Responsibilities
This is a key leadership role with a strong focus on people, process and tooling; your remit will cover all aspects of GRC.
· Audit – Support the business to achieve ISO 27001, 9001, 14001 certification.
· GRC – Provide Governance, Risk and Compliance expertise.
· Standards – Investigate, Educate and Audit internal business teams for compliance against ISO 27001, 9001, 14001 and, where applicable, PCI DSS. Continue ISO 27001 business-wide implementation.
· Risk – Support Identification of Information Risk for Advanced and advise on best practice in support of customers.
· Policy – Support development of Security Policies and Standards.
· Advice – Provide advice and guidance to other business units on ISO best practice.
· Improve – Continually improve services and skills.
· Travel – Travel will be required to our business sites nationally, with occasional international travel.
Skill and Knowledge Requirements
We are looking for someone who has experience working with and achieving ISO certification in three core areas. You should be familiar with external audit requirements and have the ability to implement Policy, Process and Procedure in order to achieve the required certification. As a security team we are looking to be two steps ahead and would benefit from a proactive approach to achieve this.
You will be able to demonstrate the following:
· Professional Industry experience – Essential
· Professional Information Security qualifications (Including ISO 27001 Lead Auditor) – Essential
· Knowledge of the Data Protection Act (2018) / GDPR.
· A proven track record implementing management systems – ISO 27001, ISO 9001, ISO 14001.
· Excellent communication skills and the ability to influence colleagues.
· A good all-round knowledge of IT systems, platforms and software development techniques.