Information Security Officer

  • Job reference: 921270
  • Location: Gloucestershire
  • Salary: GBP50000 - GBP55000 per annum
  • Job type: Permanent
  • Sector: Cyber Security, IT & Telecoms
  • Date posted: 21/08/2018

The purpose of the post is to provide support to the Information and Cyber Security Manager. This will include assisting with the development and implementation of contract security policies, procedures and processes in accordance with current regulation and legislation whilst also enabling the business. The Information Security Officer will also assist the Information and Cyber Security Manager with the organisation of Information Security within the company, liaising with external authorities and organisations to provide specialist advice on security reviews and investigations relating to Information Security issues, events and incidents, as well as assisting with Information Security awareness and training.

Activities to be delivered by Post

  • Compliance with the Information Security requirements of the Nuclear Industries Security Regulations (NISR) 2003 (as amended).
  • Develop and contribute to producing Contract Security policies, processes and procedures.
  • Ensure that the client's third party suppliers and delivery partners (hereafter referred to as 'Contractors') apply an acceptable level of protective security and are compliant with the requirements of NISR 2003.
  • Liaise with the Commercial team to ensure that Information Security is notified of all potential classified contracts, and to educate on the required security measures that need to be built into processes, procedures and ways of working.
  • Take action to ensure that in all contracts involving SNI, appropriate Security Measures are included.
  • Provide security advice to contractors and lead on investigations when Commercial information or SNI has been the subject of a security breach or has been compromised.
  • Carry out an annual review of the management of all classified contracts, particularly those aspects relating to the security of Commercial information or SNI.
  • Ensure that contractors are aware of their legal obligation to report any breach, or suspected breach, of security to ONR in accordance with NISR 2003 Regulation 22.
  • Assist the Information & Cyber Security Manager with the organisation of Information Security within the client, liaison with external authorities and organisations, providing specialist advice on security audits, reviews and investigations relating to Information Security issues, and assist with Information Security awareness and training.

Accountable to Information and Cyber Security Manager for:

  • Efficient and effective delivery of the Contract Security Officer role.
  • Effective provision of support in relation to the organisation of Information Security.
  • Provision of security advice to Commercial with regard to contractors, to ensure compliance with NISR 2003.
  • Investigation, reporting and resolution of Information Security incidents within the client, taking appropriate action to define and implement corrective actions where non-conformities have been identified.
  • Production of fit-for-purpose security documentation to meet the requirements of HMG SPF, ONR regulations, ISO 27001 & 27002, including Security Operating Procedures (SyOPs).

Key relationships

  • Information and Cyber Security Manager
  • IS Dir & Head of Security Policy
  • Corporate Services Director
  • Commercial Directorate
  • Contractors
  • ONR
  • Centre for the Protection of National Infrastructure, NCSC

Mandatory requirements

  • Relevant graduate degree (e.g. Risk Management or Information Technology, or relevant experience).
  • Membership of a relevant professional institution such as the Institute of Information Security Professionals.
  • Experience of delivering Information Security within large scale delivery programs and projects.
  • Demonstrable experience in carrying out risk assessments and security audits in order to achieve and maintain compliance, with up to date knowledge of security compliance issues.
  • Demonstrable understanding and experience of HMG security and ISO 27000 standards.
  • In-depth knowledge and experience of Nuclear Security regulations and standards including the HMG Security Policy Framework & Government Security Classification.
  • Demonstrates effective planning, prioritisation and delivery (through self and others).
  • Ability to communicate, influence and build productive and collaborative relationships with a diverse range of internal and external stakeholders.
  • Ability to spot and contribute to delivering everyday improvements.
  • Displays a questioning attitude, with clear evidence of using initiative and judgement.
  • Ability to learn, adapt and thrive, delivering value in a changing and evolving organisation.
  • Consistently demonstrates behaviours aligned to its values: safety, courage, integrity, collaboration and inspiration.
  • Flexibility and mobility to undertake business travel as required.
  • Experience of devising or playing a key role in contributing to policies/procedures.
  • Evidence of continuous professional development; postgraduate degree in Information Security or professional qualification such as CISM, CISSP, CESG CP preferred.
  • Strong verbal and written communications to include excellent documentation and presentation skills.

Desirable requirements

  • An understanding of the UK civil nuclear industry.
  • Demonstrable understanding and experience of Civil Nuclear Security regulations and standards.
  • A blend of both government and commercial experience is beneficial.
  • An understanding and some experience of wider security requirements within personnel and physical security is beneficial.
  • International experience.
  • Member of relevant institute.

Our role in supporting diversity and inclusion
As an international workforce business, we are committed to sourcing personnel who reflect the diversity and values not only of our client base but also of Orion Group. We welcome the wide range of experiences and viewpoints that potential workers bring to our business and our clients, including those based on nationality, gender, culture, educational and professional backgrounds, race, ethnicity, sexual orientation, gender identity and expression, disability, age differences, job classification and religion. In our inclusive workplace, regardless of your employment status as staff or contract, everyone is assured the right of equitable, fair and respectful treatment.