Information Security Officer

About Police Digital Service

To protect people from harm in our rapidly changing world, police services must not only keep up with technology and business changes but develop capabilities and ways of working that will enable them to adapt to and deal with the complexity of modern criminality.

Police Digital Service strives to be the go-to partner for technology developments and programmes across UK policing. Our team provides technical advice and delivers services to help policing and law enforcement organisations across the UK prioritise and focus on technology efforts.

Key Responsibilities

• Support the delivery of the Information Security Management System (ISMS), including the governance, risks & issues and compliance returns for National Policing.

• Maintain Security Policy framework, working with stakeholders to ensure that Information Security related Policies, Procedures and Standards are up-to-date and available as required. 

• Lead the management of information security risks to drive operational capability that supports the strategic cyber aims of PDS. Including appropriate controls, mitigations and risk treatment plans, ensuring they are up to date, relevant, aligned to standards/guidance and meaningful to the business. Produce relevant risk reports and metrics to communicate risks to relevant stakeholders, both internally and externally. 

• Lead and implement actions from the communications strategy, including the delivery of training and education to influence and raise awareness of good information security management practice across the organisation. 

• Support the management of security incidents, assisting in the provision of security advice and solutions to minimise further risk and reduce the impact. Manage the security incident reporting process, escalating when required and briefing to senior leaders. 

• Lead and maintain relationships with the Business Units on our tenant, and other partners/customers, promoting good security practices and assessment of risk. 

• Support the management of information security asset and cyber service inventories in relation to information security. 

• Assist in the assessment of intelligence, threats to, and vulnerabilities of; information systems and assets.  Liaise with key business areas to ensure a cohesive approach to the implementation of proactive activities such as IT Health Checks, remediation activities,  compliance audits and personnel control measures. 

• Provide support on PDS audit activity (internal and external) including collation and provision of evidence for annual ISO 27001 audits. 

Skills & Knowledge:

• Qualifications in IT, information assurance and governance or related discipline/significant relevant experience

• Knowledge and significant experience in information security and risk management

• Strong engagement focus and proactive style

• Demonstrable understanding of the principles of risk management

• Good IT skills, including the use of Microsoft suite of tools

• Good communication skills, to produce persuasive material to engage colleagues and external stakeholders

• Awareness of information security controls and frameworks such as ISO27001 and NIST

• Good understanding of privacy requirements and other relevant legislation and regulations

• Good working knowledge of Digital Policing Strategy and understanding of current technologies and cyber challenges

• Being of the highest integrity with a strong understanding of confidentiality and security

Essential:

• Proven IT/Information security and risk management in large organisations with complex security and compliance requirements

• Production of/or input to policy, process and procedural documentation

• Supporting the design, implementation and operation of security controls

• Defining and/or implementing security controls across multiple layers of the IT architecture stack

• Developing strong working relationships with a number of stakeholders

• Implementing/running security processes aligned to information and cyber security governance frameworks

• Non-police personnel vetting and Security Check will be required and must be maintained during tenure. Will be required to sign Official Secrets Act

Desirable

• Working in Defence, ‘Blue Light’ and/or Government organisations

• Utilising the Microsoft 365 Security suite of tools

• Participating in and/or leading audits against ISO27001 NIST or similar

Please download the candidate pack to view the job description and key criteria in full detail. 

Our Values are

• We value People

• We do the right thing

• We are innovative

• We are one Team

• We are proud and passionate

Diversity, equity and inclusion

We are committed to equal opportunity for all and will not discriminate on any grounds. We encourage applications from people from the widest possible span of experience. We particularly  welcome applications from Black, Asian and Minority Ethnic candidates and people with disabilities.

Working Arrangements

This is a remote role with occasional travel required to attend meetings. 

All applicants must be eligible to undergo NPPV3 (Non Police Personnel Vetting Level 3) and SC vetting clearances. Successful applicants will require NPPV3 clearance to have been cleared before starting with PDS. 

Please note, we may choose to close the advert early if we receive a high volume of applications for this role so please endeavour to to complete your application as soon as possible.