Information Security and Assurance Advisor

Information Security & Assurance Advisor West Midlands | Hybrid Working | Permanent | Full Time Salary: £50,949 - £57,186 A secure government organisation is seeking an Information Security & Assurance Advisor to join its Information Assurance function, supporting information security, governance, risk and compliance activities across a complex operational environment. This is an opportunity to play a key role in protecting sensitive information, managing information security risks and ensuring compliance with regulatory, legislative and organisational requirements.

Working across the organisation, you will provide specialist advice and assurance services that support the secure, lawful and effective use of information. Security & Eligibility Due to the nature of this position, applicants must:
Have the unrestricted right to work in the UK. Have continuously resided in the UK for the last five years. Be eligible to obtain enhanced security clearance. Hold a full UK driving licence. Be willing to travel regularly across the region as required. The Opportunity Working within a specialist Information Assurance team, you will provide expert guidance across information security, risk management, assurance, governance and data protection activities.

You will support the development and implementation of security controls, policies and assurance processes, helping stakeholders understand and manage information security risks within a highly regulated environment. The role offers significant engagement with operational teams, technical specialists, suppliers and senior stakeholders, making it well suited to someone who can balance security requirements with practical business outcomes.

Key Responsibilities Identify, assess and manage information security risks across the organisation. Support compliance with national information security and assurance requirements. Provide expert advice on information security, governance and data protection matters. Develop, review and maintain information security policies, procedures and standards. Undertake information security audits, assurance reviews and compliance assessments. Support data protection compliance activities and privacy impact assessments. Investigate and manage information security incidents, ensuring lessons learned are captured and controls strengthened.

Produce risk, assurance and compliance reporting for senior stakeholders. Assess supplier and third-party security arrangements and associated risks. Deliver security awareness guidance and support across the organisation. Contribute to the continual improvement of information assurance and security governance frameworks. Essential Experience Applicants should be able to demonstrate experience in several of the following areas:
Information Security, Information Assurance or Information Risk Management. Security governance, risk and compliance activities. Information security audits and assurance reviews. Security incident management and investigation. Data protection and privacy compliance. Developing and implementing security policies and procedures. Stakeholder engagement across technical and non-technical teams. Working within regulated or compliance-driven environments. Essential Knowledge Information security standards and frameworks such as ISO
27001 and NIST. UK GDPR and Data Protection legislation. Information risk management principles. Security governance and assurance practices. Confidentiality, integrity and availability principles.

Desirable Experience Government, policing, criminal justice or wider public sector experience. Supplier assurance and third-party risk management. Accreditation, compliance or audit programmes. Experience operating within secure or highly regulated environments. Professional Qualifications Relevant certifications are highly desirable, including: CISSP CISM CRISC Information Risk or Governance qualifications Data Protection qualifications Equivalent experience will also be considered. What We're Looking For We're seeking a credible and pragmatic security professional who can communicate complex security and risk issues clearly and effectively.

You will be comfortable engaging with stakeholders at all levels, influencing decision-making through evidence-based recommendations and helping the organisation balance risk, compliance and operational requirements. Most importantly, you will understand how effective information security enables organisations to make better use of information while maintaining appropriate levels of protection and assurance. Apply Now If you have experience in Information Security, Information Assurance, Governance, Risk & Compliance, Data Protection or Security Risk Management and are looking for an opportunity to make a meaningful impact within a secure government environment, we'd like to hear from you.

Please apply with an up-to-date CV as soon as possible. Early applications are encouraged.