Information Security and Assurance Advisor
Location: Leek Wootton
Salary: £48,894.00 - £54,879.00
Permanent
Full time
Job Purpose:
To provide professional guidance and specialist advice regarding all information assurance, security, and risk matters, and to ensure the development and implementation of policies, procedures, and processes to achieve compliance with national codes of connection for Police information systems and the SyAP.
To support the maintenance of the Warwickshire Police Information Security Incident Register, manage investigations of reported incidents, and recommend corrective measures to prevent re-occurrence.
To undertake onsite audits of Police facilities for information security and assurance issues and conduct 3rd Party Supplier assessments to ensure compliance with security standards.
To assist departments with data protection impact assessments and provide guidance on information assurance and security matters.
Main Responsibilities:
- Support the Warwickshire Police Information Security and Assurance programme to ensure compliance with security standards and reporting requirements such as SyAP.
- Develop, review, and implement policies for information security and cyber security management, supporting the Information Assurance Team and Cyber Security functions.
- Implement assessment processes for information assets to ensure compliance with security policies, standards, and legal requirements.
- Act as a point of contact for information security and assurance queries.
- Plan and execute security audits and compliance checks to protect information systems and assets, ensuring adherence to standards and policies.
- Identify security requirements, create Risk Assessment Reports, and review assurance documentation for new or changed processes and assets.
- Coordinate investigations of security incidents and monitor trends to inform organisational learning and prevent re-occurrence.
- Prepare and deliver training, education, and awareness programs on information security and risks.
- Engage stakeholders, including partner agencies and third-party suppliers, to ensure compliance with legal and statutory requirements, standards, and best practices.
- Maintain current knowledge of information security legislation and practices to foster continuous improvement and innovation.
- Represent Warwickshire Police professionally at meetings and groups, developing partnerships with relevant organizations, and assist in chairing and minute-taking at the Tactical Information Assurance Group.
- Undertake other duties as appropriate to the role's responsibilities and grading.
Special conditions: Regular travel throughout Warwickshire.
Person Specification:
Knowledge:
- A Levels or equivalent qualification.
- Recognized information security, data protection, or information risk qualification (e.g., CISM, CISSP, GCRC, CRISC, DP PDP, BCS).
- Practical knowledge of current standards like ISO 27001/NIST Framework.
- Understanding of data protection legislation and standards.
- Knowledge of security issues across technical, human, procurement, project, and physical domains.
- Understanding of information security concepts related to confidentiality, integrity, and availability.
Desirable:
- Knowledge of police service IA conditions (Codes of Connection).
- Experience with 3rd party and onsite security audits.
Experience:
- Operational delivery of information security in multi-site organizations.
- Experience with PSN/SyAP compliance and accreditation maintenance.
- Developing and implementing security policies and procedures.
- Conducting internal audits and working with external auditors.
- Leading meetings with stakeholders at senior levels.
- Liaising with organizations on security matters.
Key Skills:
- Ability to meet deadlines and adapt to changing demands.
- Influencing skills based on factual communication.
- Strong interpersonal and communication skills, capable of explaining complex issues.
- Handling sensitive enquiries and managing secure information.