Information Assurance Analyst – SC Cleared

Duration : Until 31/03/2023

Clearance : SC Clearance

KEY SKILLS as an Information Assurance Analyst:

• Assurance management
• Governance understanding
• Flexibility to start asap
• Awareness in cyber security – digital asset management
• Information management
• Assurance management
• Understanding governance

Certificate in Information Risk Management (PCIRM) and/or relevant experience – highly desirable or very strong experience

Responsibilities will include (though are not exhaustive):

• Embedding Cyber Security and Information policies and strategies to ensure that all GIAA data is held securely, only accessed by those authorised to view, and retained in line with government retention policies and procedures.

• Embedding a second line assurance framework across system owners and information asset owners.

• Improving the Agency’s understanding and utilisation of our core information repository InfoStore (SharePoint), monitoring compliance and providing remedial training where necessary.

• Developing and implementing a training and knowledge sharing strategy to ensure all GIAA staff are aware of their data security responsibilities.

• Providing advice and guidance to GIAA senior leaders regarding information security, supporting both the SIRO and DPO in the effective discharge of their duties, and to input into the SIRO management assurance flows.

• Shaping and implementing clear and effective processes to provide regular and comprehensive assurance updates to the Business and Information Security Committee, SIRO and DPO, recommending corrective and/or remedial action where necessary.

• Managing the GIAA interface with the Information Commissioner’s Office, liaising as required on the handling and reporting of information security breaches, and the handling of Data Subject Access Requests.

• Setting the standards for the GIAA Information Asset Owners and System Owners roles, developing and implementing the necessary controls and assurance flows to actively monitor and assess legal compliance.

Key skills and experience required:

• Experience in management information and cyber security.

• Strong team player, with a proven ability to successfully work with others to delivery key cross-organisational projects.

• Positive approach to problem solving and delivering outcomes, with the ability to exercise independent judgement.

• Certificate in Information Risk Management (PCIRM) and/or relevant experience

The role is expected to be in scope of IR35 to be confirmed through CEST tool.

If you feel you have the skills and experience needed for this role; please do apply now.