Information Security Officer

**What you'll do on a day2day basis**:

- Manage the design, delivery and development of the Information Security Management System and Cyber Security Programme to ensure it comprehensively meets current business needs and evolves to provide clear added value
- Develop and continually evolve Token’s Information Security strategy and Cyber security strategy and ensure that there is quantifiable progress in applying
- Own, review and contribute to information security policies and associated procedures and standards
- Develop the operational processes and controls, and assess their effectiveness in mitigating Information Security and Cyber Security risks faced by Token
- Monitor and enforce the information security policies and technologies for all Token business processes, systems and infrastructure
- Support the business with the creation and maintenance of data protection registers to monitor and track data sharing arrangements, data retention policies, breach notification, ICO registrations and effective asset management and disposal.
- Lead the development of the security risk management and control systems
- Facilitate the remediation of identified vulnerabilities for IT security and IT risk
- Support data discovery exercises to ensure all personally identified information is identified and monitored.
- Conduct regular and ongoing monitoring of and reporting on Token’s compliance with external information security standards, regulations and policies, for example ISO 27001, PCI DSS, Cyber Essentials Plus and DORA.
- Liaise with the technical teams to ensure data requirements are captured during Agile development process
- Liaise with SRE’s to ensure that sensitive data is stored and monitored appropriately
- Liaise with 3rd parties that may store sensitive data on behalf of Token, ensuring that the data is stored and monitored appropriately
- Support Privacy Impact Assessments on new products/services and complete Data Protection Audits on business functions and key risk areas
- Promote user education awareness of applicable regulatory standards, upstream risks and industry best practices
- Communicate and engage with multiple stakeholders (all the way to senior level) on information security compliance and cyber security controls; and

**Key Performance Indicators**:

- Achieving ISO 27001:2017 certification and Cyber Essentials Plus
- Achievement of deliverables on IT Security
- Continual Improvement plans as agreed by the Security Committee
- Ensuring Token’s annual information security and cyber security monthly activity is delivered by all responsible parties
- Appropriate security governance procedures are implemented and adhered to
- Appropriate security technologies as defined in agreed strategies are implemented successfully
- Mitigate known security risks

**What knowledge, skills and experience you need to be successful in this role**:

- The role will suit an individual who has a passion to develop their own skills and knowledge in Information Security and Cyber Security compliance
- a proactive person who is a ‘hands on’ starter/finisher, that is driven, enjoys responsibility and achieving results
- highly organised person in their ability to manage and prioritise workload, adept at operating effectively within a fast-paced organisation while delivering through influencing and relationships
- Bachelor's degree or Masters in Information Security or Cyber Security or related field experience
- CISSP and/or CISSM or in the process of achieving these certifications
- Good technical knowledge of security in hosted Cloud environments e.g. Google, AWSTechnical knowledge of information security compliance (ISO 27001:2017, PCI DSS, Cyber Essentials), data security and IT security arrangements
- Knowledge of Privacy and Data Protection legislation
- Strong technical skills relevant to Information Security such as data encryption, secure data transmission, secure data consumption and risk analysis
- Analytical and detail-oriented
- Strong understanding of security technologies and best practices
- Senior stakeholder management

**Open to all**

Token is building an open future for everyone.

We don’t just accept different points of view, lived experiences and new ways of thinking — we search them out. They help us make better products, better decisions, and a better place for everyone to work.

So, come as you are.

We acknowledge and embrace different backgrounds, identities and abilities. Respect is our default, and empathy is our baseline.

No one succeeds until we all do.