Information Security & Data Privacy Officer

  • Job Reference: 00000038-1
  • Date Posted: 8 December 2017
  • Location: London
  • Salary: On Application
  • Skill Set: IT
  • Job Type: Permanent
  • Work Hours: Full Time
  • Contact: admin admin

Job Description

FSCS protects consumers when authorized financial service firms fail.  We’ve helped millions of people and paid billions of pounds in compensation since 2001.


We are now recruiting for an experienced Information Security & Data Privacy Officer to join FSCS on a permanent basis.  The role holder will work closely with FSCS management and the wider ISMS team to fulfill the following:


  • Overall responsibility for the Information Security function, covering information security aspects of both BAU and change activities at FSCS
  • Definition and execution of the FSCS Information Security strategy and roadmap, which covers the following: Information Risk Governance, Technical Security Ops, IS Training and Awareness, Third Party Risk Management, and Compliance Assessment and Monitoring
  • Co-ordination of information security activities through representatives from different parts of the organisation with relevant roles and job functions
  • Scheduling, attending and documenting IS Forums and Management Review Meetings
  • Ensuring that information security initiatives and objectives are identified, meet the organisational requirements, and are integrated in relevant processes
  • Holding regular meetings with the senior management team to report updates


My Priorities – what I will deliver

  • Draft, review and approve information security policies, methods and processes as necessary
  • Review the effectiveness of the implementation of the information security policies
  • Conduct annual information risk assessments on information assets, supported by asset and risk owners as appropriate, and identify significant changes in threats and in the exposure of information and information processing facilities to those threats
  • Organise and co-ordinate internal audits and reviews of the Information Security Management System as part of the ISMS audit programme and management review
  • Manage the external audit/assessment interface for the various internal and external stakeholder requirements (e.g. ISO27001 certification, GDPR compliance assessment, audits and regulatory reviews)
  • Report to the FSCS executive board on the performance of the ISMS and any areas for improvement
  • Manage the Continuous Security Improvement Plan (CSIP) for all areas of the FSCS ISMS
  • Promote and communicate effectively in respect of information security education, training and awareness throughout FSCS
  • Maintain the ISMS, including annual reviews to ensure its continuing suitability, adequacy and effectiveness; the annual review includes assessing opportunities for improvement and the need for changes to the ISMS
  • Maintain change control and the integrity of documents within the ISMS
  • Analyse incident reports, identify root causes and planned improvement actions, and prepare summary reports for the FSCS management board, identifying any relevant trends, ISMS performance and any further recommendations for action, including those not related to Information Technology
  • Ensure that the Information Security Policy (ISP) is communicated to all FSCS employees (temporary, permanent or contractors) on commencement of employment or engagement, and confirm that they have read, agreed to and signed the ISP to ensure they have understood it
  • Provide guidance and steer on compliance with ISO27001, the legal aspects of information security (DPA, GDPR – see principle 7) and general information security best practice
  • Overall responsibility for GDPR compliance (DPO role and responsibilities), with a dotted line to the Board/CEO
  • Commitment to personal development within FSCS as a business and to seeking continuous improvement within the role itself





My Knowledge – what I need to know

  • Extensive knowledge of Information Security and Cyber risk and control frameworks
  • Demonstrable practical experience of implementing risk management improvements
  • Excellent communication and influencing skills
  • Demonstrable experience in building and motivating a team and managing employees
  • Demonstrated excellence in driving change, agile ways of working, project management and continuous improvement methods
  • Excellent at leading and influencing people, with a strong track record of building positive relationships at a senior level and providing constructive support and challenge to senior leaders
  • Excellent strategic thinking, with strong analytical and problem-solving skills
  • Excellent organisational awareness and stakeholder management


Desirable but not essential

  • Knowledge of ISO27001
  • CISA/CISM/CISSP qualification
    • Extensive experience in an IT and IT Information Security role, holding a recognised information security qualification such as Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP) or similar