- Home
- ...
- All Open Positions
- Job Title
Description & Requirements
On behalf of The Pension Protection Fund (PPF) we are looking for a Head of Information Security and Privacy (Inside IR35) for a 6 month contract. Hybrid working with 2 days per week in Croydon.
As a Head of Information Security and Privacy your main responsibilities will be to:
- Develop and promote policies for sourcing and maintaining data, including compliance with regulations, standards and good practice relating to information management, security and protection, and quality assurance, including data cleansing.
- Responsible for the research and awareness of emerging security risks, ensuring solutions, services, policies, procedures and IT security education programmes are updated in reasonable timeframes to mitigate against new risks.
- Provide a Business Intelligence/Management Information Service to the PPF for information, cyber and data security.
- Responsible for making sure that PPF is fully compliant with ISO 27001 by ensuring current and new data sources are fully compliant.
- Ensure that all governance and audit requirements are undertaken in line with the IS27001 standards to maintain compliance in line with HMG guidelines, using third parties as required.
- Ensure that the PPF is appropriately protected against data loss, Information and cyber risks that is aligned to the business needs.
- Responsible for ensuring that the PPF is fully compliant with all security guidelines and the Code of Conduct, using third parties as required.
- Responsible for Information Security reporting, including Annual DWP information security audit, and coordinate and submit the organisations’ annual PSN Code of Connection return to Government Procurement Services PSN team.
- Manage internal and external security resources, ensuing roles, responsibilities and functions are undertaken.
- Responsible for the management and reporting of any information, cyber or data incidents.
Essential:
- Experience in an Information Security Manager, Consultant or equivalent information security leadership role.
- Proven experience implementing and maintaining Cyber Essentials and Cyber Essentials Plus accreditation programmes.
- Demonstrable experience developing, implementing, and maintaining information security policies, standards, and procedures.
- Experience leading or supporting GDPR compliance projects, including implementation and ongoing governance activities.
- Strong understanding of information security controls, risk management frameworks, and security governance practices.
- Good knowledge of ISO 27001 requirements, ideally gained through direct involvement in achieving or maintaining certification within a previous organisation.
- Experience presenting security metrics, risks, and performance reports to senior stakeholders, leadership teams, and governance committees.
- Ability to build and maintain effective working relationships with both internal and external stakeholders.
- Excellent written and verbal communication skills, with the ability to convey complex security concepts to technical and non-technical audiences.
- Strong organisational and planning skills, with the ability to manage competing priorities and deliver to tight deadlines.
Desirable:
- Relevant Information Security certifications.
- ISO 27001 Lead Auditor certification, or equivalent auditing experience.
- Experience within the Public Sector, Financial Services, Pensions, or other regulated industries.
- Knowledge of data protection legislation, processes, and best practices.
- Experience managing third-party suppliers and security vendor relationships.
Please be aware that this role can only be worked within the UK and not Overseas.
In applying for this role, you acknowledge the following "this role falls in scope of the Off Payroll Working in the Public Sector legislation. Any rates of payment quoted will reflect the gross rate per day for the assignment and will be subject to appropriate taxes and statutory costs. As such the payment to the intermediary and your income resulting from this contract will be different".