Information Assurance & Risk Officer

We are seeking an Information Assurance & Risk Officer/Cyber Security Assurance Officer to contribute to the accreditation and compliance of forces' systems within legal, national and local Information Assurance requirements in support of the Cyber Security Strategy. This is an Office based role. A full UK driving licence is required. Police Vetting is desirable, with 3 years at UK address. Candidates must be available for immediate start.

• Maintain accreditation of force systems and ensure compliance with national and local cyber security standards.
• Identify information and physical security risks and recommend mitigation actions to management.
• Support the development, testing, and maintenance of ICT Disaster Recovery and Business Continuity Plans.
• Contribute to cyber security standards, policies, processes, and procedures to protect force information.
• Develop and deliver security guidance, user education, and operational procedures; build stakeholder awareness and compliance.
• Define and enforce security requirements for third‑party suppliers in line with force policies.
• Advise on proportionate, cost‑effective security controls for new and existing ICT systems.
• Support accreditation activities, including security design documentation and risk assessments, and represent Information Assurance at relevant meetings.

• Appropriate qualification or significant experience in one or more of the following specialisms:
  Data Protection, Information Assurance, Risk Management, IT Security, NIST Cyber Security Framework.
• Appropriate professional qualification in relevant discipline (such as MSc Information Security, CISSP, CISMP, CESG Certified Professional, etc.) is desirable.
• Appropriate qualifications and/or experience in Management of Police Information (MoPI) and Physical Security of Police Assured Secure Facilities (PASF).

• Previous experience in Information Assurance and/or Information Security.
• Able to develop and draft new Information Assurance process docs and update local policies/standards.
• Experience in assessing designs to ensure secure by design methodology is applied and compliance with national policies and standards maintained.
• Experience in identifying information security risks and making risk mitigation recommendations.
• Ability to develop security guidance for users and provide advice on security requirements for new and existing IT systems.
• Ability to review third‑party security questionnaires and assess suitability as part of the onboarding process.
• Proven understanding of Risk Management and Information Assurance principles, relevant legislation and Standards is desirable.
• Technical understanding of IT systems and/or risk management processes. Must be familiar with Cloud and Mobile technologies.
• Must have capability to travel to different locations across both Forces and undertake all assignments in a timely manner.

Qualification details and any other experience/skills relevant to the role to help support your application should be clearly shown in your CV.