Information Assurance Officer

Job Type: Finance, IT
Region: London
Location: Victoria
Preferred Hours: Full and Part Time
Partnership Level: 05
Closing Date: 22/7/2019
Vacancy Type: Permanent
Salary: £78,400 - £119,000
Salary Frequency: per annum
Hours of Work: 35 hours per week, Monday to Friday, 09:00 - 17:30

As a business we encourage flexible working. We have a number of different ways to work flexibly, so at your interview feel free to talk about what flexibility means to you. There are no guarantees; however, examples of how our Partners already work flexibly include part-time, job share, home working and compressed hours.

This role will be based in Victoria, with occasional travel to alternate locations.

Duties & Responsibilities

We are recruiting for an Information Assurance Officer, to lead and direct the John Lewis Partnership's Data Privacy and Information Security Policy and Controls Assurance team. In this role you will oversee the team in developing, advising and providing assurance to senior stakeholders, on the status of the Partnership's information security and privacy controls framework. As our Information Assurance Officer, you will deliver expertise on Data Privacy and Information Security policy and controls design, operation, governance and remediation through proactive identification and reporting on any gaps in compliance. This role will require you to influence and challenge decision making, and effectively escalate to senior stakeholders.

Job Requirements

Our Information Assurance Officer will lead the provision of Partnership-wide assurance for Partnership information security and data privacy policy compliance. Some of the key responsibilities of the role will include:

- Reviewing and leading on policy development, standards and guidelines across the Partnership
- Continuously improving the Data Privacy and Information Security assurance model for the Partnership, including controls design and operating advice, testing and reporting
- Effective people management and development of partner capability in line with regulatory and commercial needs
- Being a primary interface between policy and standards development, implementation and regulation, across key stakeholders such as IT Security, Data Owners, Risk Managers, Audit and the DPO
- Working with key stakeholders to foster a robust control environment, recognising and supporting regulatory and commercial challenges as appropriate in driving compliance
- Developing and delivering Partnership-wide data awareness and security training across Head Office and branches to continuously improve data risk management and policy compliance awareness
- Supporting the business in incident and crisis management, resolution and post-event analysis
- Representing the John Lewis Partnership Data Privacy and Information Security team in internal Steering Groups and Senior Leadership Committees and external forums as relevant

Required essential experience, skills and qualifications

- Degree, or equivalent experience, security qualifications and appropriate accreditation
- Strong knowledge of Risks, Controls and Compliance across both the business and IT environments
- Leading/operating second line of defence teams
- Detailed GDPR knowledge and associated experience
- Excellent communication skills
- Operational excellence and team leadership
- Resilience and effective influencing, able to influence senior management when dealing with complex and competing objectives
- Experience in developing and maintaining organisational Information Security Policy and risk management frameworks and Procedures
- Understanding of data privacy and information security risk management

Required desirable experience, skills and qualifications

- Professional IT Accreditations (CISM, CCSA, CCSE, JNCIA, CCNA, CISSP, CCIE Security)
- Professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials
- Certification in Risk and Information Systems Controls
- Professional Risk Management Accreditations (MoR or equivalent)
- Professional Compliance Accreditations (CoBiT, ISO27001 or equivalent)
- Professional IT Accreditations (CISSP, Security+, Prince2, MSP)
- Strong matrix management experience
- Strong analytical and project management skills
- Experience implementing security controls
- Experience administering network devices, databases, and/or web application servers, Unix/Linux and Windows system administration, multiple relational database platforms, including MSSQL, Oracle, MySQL
- IT Security Operational experience
- Project Management skills

Please consider the following when making your application:

- We occasionally close vacancies early in the event we receive a high volume of applications. Therefore, we recommend you apply early.
- Please print/save the job description now as it won't be available to view after the vacancy has closed
- Please ensure you attach a current CV to your application

Please note, this role will be subject to the following pre-employment screening: 3 year reference check, 3 year financial probity and basic disclosure.