Information Security Manager

Job Introduction

NNL are looking to strengthen the Cyber Security & Information Assurance capabilities within the security team. An opportunity exists for an individual to provide leadership and guidance in all areas of NNL information security and its associated compliance programme. The role will be responsible for ensuring a strong control environment, incorporating security best practices, policies and procedures into all area of the NNL.

Role Responsibility

• Develop and maintain technical, procedural and management security controls and monitor their performance.
• Manage compliance with both contractual obligations and regulatory requirements.
• Develop and maintain effective project Security Assurance processes.
• Ensure the NNL is compliant with Information Security policies and procedures, and in alignment with its ISO27001 certification.
• To ensure that Cyber Response, Business Continuity and Disaster Recovery Plans are updated, tested and appropriate for the NNL.
• Oversee the Information assurance and accreditation of IT infrastructure.
• Work as an active member of the NNL Security community to promote continuous improvement, good governance and risk management.
• Report to the NNL Company Security Manager the security status of Information Security across the NNL.
• Travel is included in the role so there is some flexibility regarding a home base as long as flexible to travel. Majority of the time will be spent in the North West (Cumbria, Lancashire and Cheshire) with occasional travel to locations near Oxford and Bristol.

The Ideal Candidate

Essential Skills/Qualifications:

An experienced Information Security Manager with demonstrable experience in the design, implementation and maintenance of ISO27001 / what were previously known as Business Impact Level 3 systems / Protective Monitoring / HMG Security Policy Framework / Physical handling arrangements for Protectively Marked Information at higher levels.

• Experience of working in complex multi-site environments
• Good understanding of information security practice
• CESG Certified Professional (CISSP)
• Certified Information Security Manager (CISM)
• Practical experience and awareness of Government/CESG Security standards and practices.
• Implementing RMADS experience
• Practical risk assessment and management to Government and other standards.
• Ability to provide business driven advice on the management of security and information risk consistent with HMG IA policy, standards and guidance as well as be capable of assisting the production of Risk Management and Accreditation Document sets.
• Able to achieve SC clearance if successful.

Desirable Skills/Qualifications

• Experience in the development of information security processes and procedures
• Ability to develop and sustain good information security culture
• Risk management experience
• Threat and Vulnerability Assessments
• Good interpersonal skills.
• Organised and able to operate largely unsupervised on goals-orientated basis across a number of sites located in the UK.

   

About the Company

We play a key role in the UK and global nuclear industry. That means reducing the cost of clean-up and decommissioning, maintaining critical skills and attracting talented new people to the industry. We're the only UK organisation with the skills, facilities and expertise to provide technical support to all aspects of the nuclear industry. What's more, we pride ourselves on offering quality, value and service to every one of our customers.

National Nuclear Laboratory