Start Date: ASAP
Term: 6 months
Contracting Authority: MHRA (Medicines and Healthcare Products Regulatory Agency)
Location: Remote, but need to be within commutable distance of London
Information Security Officer (Cyber Security Risk) | Inside IR35
The Medicines and Healthcare products Regulatory Agency enhance and improve the health of millions of people every day through the effective regulation of medicines and medical devices, underpinned by science and research.
This role will deliver the agency’s security and privacy agenda. The postholder will be part of the Data and Information Governance team, deputising for the Deputy Director – Data & Information Governance as necessary.
This role exists to ensure that information security remains front and centre in our digital transformation. You will be a skilled and experienced Information Security Officer with the ability to lead a team to deliver the agency’s security agenda.
This is a high profile role, leading a small team you will lead, coordinate and support information risk management and the Agency’s Information Security Management System.
Your role will include working with the Senior Information Risk Owner, and Data Protection Officer to make risk-based decisions on strategic and tactical issues, working with internal and external stakeholders at various levels.
You will work with network and architecture colleagues to review and influence designs of systems, and to provide substantial input into the transformation of the function in line with the Information Security Roadmap and significant projects.
The postholder will be expected to quickly get up to speed with agency culture and processes, not least so you are in a stronger position to share and develop the culture around cyber security and privacy.
Your Responsibilities
-
Responsible for Information Security within the Agency including risk assessment and information assurance, working closely with Data Protection Officer.
- Provide management, leadership, development and strategic direction for the Information Security function.
- Provide risk management and assurance to the Senior Information Risk Owner (SIRO), and the Audit and Risk Committee on cyber security.
- Maintain an awareness of emerging security risks and control technologies, procuring and managing services and tooling.
- Review security and privacy risks, designs and decisions for new and existing technology solutions, working closely with programme managers and digital delivery partners, managing our information security architecture service.
- Manage response to security incidents and data breaches, providing a pro-active and effective response.
- Own, maintain and embed appropriate cultural values of the agency’s security strategy, ensure continuous professional development through training, communication and educational activities.
- Manage and develop a framework of policies and procedures to support effective information security in the Agency.
- Work with colleagues within the Data, Knowledge and Information Management team to protect and govern information through an information lifecycle governance framework.
Person Specification
Experience of Making Effective Decisions within a fast-paced environment with the ability to present reasonable conclusions sometimes based on incomplete evidence and providing recommendations to the Senior Information Risk Owner and MHRA Audit and Risk Committee.- Experience Communicating and Influencing – this role requires strong interpersonal skills, including influencing, communicating technical information to a non-technical audience, building relationships and developing collaborative working across different teams to delivery improved security outcomes.
- Experience with Leadership – in this role you will not only provide leadership to the information security in the agency, but also act as part of the leadership team within the Data and Information Governance Group, and across our division, being visible, approachable and modelling professional expertise.
- Experience Delivering at Pace, ensuring timely quality deliverables, working flexibly with colleagues in digital delivery, to ensure that information security requirements align with agile practice. Give honest, motivating and enthusiastic messages about priorities, objectives and expectations to get the best out of people.
- Risk Assessment, Significant experience of working within a risk management framework, making threat assessments and advising senior stakeholders on risk acceptance. Able to communicate effectively across organisational, technical and political boundaries, understand the context. Able to advocate and communicate what a team does to create trust and authenticity. Information risk assessment and risk management
Required Qualification
- You will hold certified CISM, or CISSP qualifications or at least four years experience within the government security profession.
“In applying for this role you acknowledge the following; this role falls in scope of the Off Payroll Working in the Public Sector legislation. Any rates of payment quoted will reflect the gross rate per day for the assignment, and will be subject to appropriate taxes and statutory costs. As such the payment to the intermediary and your income resulting from this contract will be different.”
Please be aware that this role can only be worked within the UK and not Overseas.
