
Information Security Manager

Reference: Info Sec - Mgr
Closing Date: 13/08/2021



3) Support Services
4) Home Workers
Reports into:
Director of Data Integrity
London, office-based / home-based
Job Grade: F

Role Purpose:
• Primary lead in developing Cifas’ information security policy, ensuring the needs of the business and members are met in a pragmatic, balanced manner.
• Ensure information security is part of Cifas’ culture through leadership, awareness campaigns and business partnering.
• Protect our business assets and reputation, whilst securing renewals of the relevant security compliance accreditations.

Key Responsibilities and Accountabilities
1. Lead in development and maintenance of Cifas’ Information Security Management System (ISMS) in line with our ISO 27001:2013 certification, including updating relevant policies and managing delivery of the internal audit programme.
2. Develop Cifas’ ISMS capabilities further, ensuring that we detect, analyse, and defend our most complex and interdependent systems, whilst understanding, managing and mitigating Cifas’ InfoSec risks.
3. Ensure all relevant security certifications and accreditations are maintained, including requirements of Cyber Essentials and PCI DSS.
4. Working in collaboration with key stakeholders across the business, including Information Governance colleagues:
(i) ensure a holistic approach to information security, providing expert advice on the selection, design, justification, implementation and operation of all information security policies, controls and management strategies;
(ii) maintain the confidentiality, integrity, availability, accountability and relevant compliance of information systems.
5. Liaise with external partners and suppliers to ensure high standards of Cifas’ information security, to satisfy their and our security requirements, whilst positively representing Cifas and being seen as a knowledge expert.
6. Deliver new starter information security inductions, and Cifas’ annual information security awareness programme for all employees, maintaining good practice within the organisation.
7. Proactively seek opportunities to continuously improve, keeping current in developments within the information security industry, legislation and compliance requirements, making recommendations to improve our practices, where appropriate.
8. Work with third party specialists and internal stakeholders to manage regular penetration testing and audit of Cifas systems & security practices, including management of any findings.
9. Maintain assurance over the security of our key third party partners through robust management of audit programmes.
10. Manage the Cifas corporate risk management process in collaboration with the Director of Data Integrity and colleagues across the Data Integrity function.
11. Provide security advice and guidance where appropriate across the business, protecting Cifas’ information assets and systems, and reputation with its members and stakeholders.
12. Support business projects, as required, ensuring that we consider information security in everything we do.

Standard Responsibilities
Adopt and comply with Cifas values, policies and procedures including:
• Code of Conduct
• Health & Safety
• Data Protection, information security, data privacy and use of IT resources
• People & Culture policies and procedures including Equality and diversity

No role profile can cover every issue which may arise within the post at various times. The post holder is expected to carry out other duties from time to time, which are broadly consistent with those described.


Person Specification

• Degree level or equivalent qualification. Relevant experience acceptable.
• CISM or CISSP certification is highly desirable

Knowledge, Skills and Experience Required
• Demonstrable experience of working within the principles of information security whilst preventing corporate risk, ensuring that our data remains secure and that we make decisions based on risk.
• Strong technical proficiency within information security, including expert knowledge in corporate, industry and professional standards, regulations, compliance, and codes of conduct requirements.
• Practical application of information security risk and governance including ISO 27001:2013 is essential.
• Skilled in managing information security assessment processes and their practical application within a business environment, including detailed knowledge of recognised information security standards, including PCI DSS and Cyber Essentials.
• Appropriate technical knowledge covering technologies used to monitor and protect information systems, including firewalls, intrusion detection systems and Security Information and Event Management (SIEM), and Cloud Access Security Broker (CASB) products.
• Skilled communicator, able to take technical and non-technical audiences along for the journey, modifying style and content of communication to suit all situations and people.
• Ability to apply analytical thinking whilst thinking logically and sequentially in order to break problems down into component parts, taking a balanced view whilst looking at wider issues.
• Attention to detail with proven track record of delivering results and practical outcomes, processing large amounts of information without getting lost in granular details.
• Strong analytical skills with ability to think through and adapt a clear, sensible approach to planning, prioritising and organising work, to make the most efficient use of time and other resources.
• Previous experience using Office 365/Azure security procedures, including configuration, monitoring and reporting.
• Creative problem solver with hands-on experience of delivering success, able to work with a level of autonomy and with others to identify creative and innovative solutions for Cifas.
• Strong collaborator, working with the business to proactively identify areas for process and continuous improvement, maximising potential from the existing tools to align these to the business needs.
• High level of personal integrity, who displays respect and empathy for others and is consistent, open, and honest.
• Ability to work professionally to deadlines and work collaboratively in a team environment.
• Excellent skills in Microsoft applications, including Excel, Outlook and Teams.

Additional Information
• There may be occasions where the post holder is required to work outside of standard hours.
• The post holder may be required to attend meetings and events away from the normal office base, so occasional travel will be required.



To apply for this vacancy, you will need the following:
• Your CV

Applications using this system require an eMail address. If you do not have one, please post the application to us.
