Information Security Officer

Aberdeen, Scotland — activTechnology

activpayroll is a market leading, trusted brand in international payroll outsourcing and we are building best in class information security. We are currently recruiting for a new Head of Global Information Security and would love to speak with highly skilled, ambitious people who would love to join us on this journey. We are proud to be ISO27001 accredited and we intend to continue to evolve and improve our information security standards.

The position will allow the right candidate to significantly contribute towards activpayroll’s continual global expansion with information security being of paramount importance to the organisation. The position will suit a dynamic self-motivated individual who is looking for fresh challenges and takes responsibility for the complete delivery of initiatives. The successful applicant shall identify and implement change as the organisation continues to expand and develop, and shall be the champion of information security with our Operations and Technology teams.

Headquartered in Aberdeen with 10 global offices covering Asia Pacific, Europe, Middle East, Africa and the Americas, activpayroll has one of the most experienced international payroll teams in the world which the successful candidate will lead and support in all security and data protection related activities.

activpayroll delivers payroll and the associated services to over 1,000 international customers; all of whom have stringent information related requirements. The role shall include direct liaison with our internal teams and customers commencing at the pre-award stage and continuing throughout the contract lifecycle. Maintenance of activpayroll’s various security related accreditations and industry standards in addition to the acquisition of further accreditations shall also fall within the responsibility of the position. The individual will have the opportunity to build a team to lead information security as the business continues to grow.

activpayroll continues on an established growth profile, with annual growth forecast to increase by in excess of 25% year on year, supported by a talented management team and our investment partners, Tenzing Private Equity. activpayroll’s growth plan is centred around great partner relationships, excellent customer service and continued investment in technology.

PRIMARY FUNCTION

To design, develop and maintain activpayroll information security programmes and ensure compliance with the programme across the business.

To be the point of contact for the organisation for security issues and advice, with the purpose of minimising data risks within the organisation.

You will be an advocate for information security globally at activpayroll, and be responsible for continually delivering information security business initiatives and improvements throughout the organisation.

ROLES & RESPONSIBILITIES

Principal Duties

  • Lead the delivery of the company Information Security Management System (ISMS) and ensure compliance is maintained with the requirements of ISO 27001 and SOC 1 Type II.
  • Perform the role of Data Protection Officer and ensure the activpayroll group maintains compliance with applicable global data protection legislation including the UK DPA, GDPR, Singapore PDPA and EU-US Privacy Shield.
  • Maintain the IT risk assessment framework, conducting risk and vulnerability assessments as required. Maintain oversight on all security related audits (internal, external).
  • Lead the training and awareness, and act as a mentor of new and existing staff to promote and embed information security.
  • Lead the Business Continuity planning, training processes and documentation, and oversee tests as required.
  • Undertake quarterly ISMS review meetings with senior management and report on areas including the overall performance of the ISMS.
  • Ensure information security incidents are fully investigated and reported. Assist in logging incident reports and performing forensic analysis for investigations into real and perceived information security breaches.
  • Responsible for developing and implementing suitable information security policies and controls, ensuring that these are compliant with GDPR and other legislation related to information security.
  • Plan and coordinate third party penetration testing on activpayroll external facing infrastructure and web applications. Coordinate the remediation of vulnerabilities found and ensure this is done in a timely fashion.
  • Support IT projects, the ActivTechnology Team and wider organization on Information Security governance.
  • Assist with maintaining an established set of documentation and responses to assist the Business Development team in responding to security questionnaires as well as reviewing security clauses within client contracts.

Service Excellence

  • Ensure that any serious issues/problems are raised with the Chief Technology Officer
  • Communicate effectively with internal and external customers

Team Focus

  • Prioritise workload on a day to day basis
  • Working effectively with teams within the business
  • Must be able to work in a team and follow strict guidelines for the development of applications
  • Working as a team to achieve department goals
  • Ensuring a safe working environment and raising any health and safety concerns

Commercial Awareness

  • Keeping up to date with new technology and practices which may benefit activpayroll
  • Be innovative and identify areas of improvement

Professional & Personal Development

  • Maintaining information security certifications
  • Updating skills on a regular basis
  • Ensure that actions from appraisal are reviewed regularly with the CTO

Competencies

  • Highly experienced in cyber security and risk management
  • An information security certification such as CISM, CISSP, CRISC, CISA, CEH is mandatory
  • Relevant data protection certifications such as CIPP/E, CIPT, CIPM are also highly desirable
  • Excellent understanding of data classification, disaster recovery and business continuity
  • Excellent working knowledge of ISO 27001 standard
  • Excellent understanding of SSAE18 / ISAE3402 auditing standard
  • Bachelor's degree or equivalent in Information Technology, Computer Science, Engineering or a related field is desirable but can be substituted by experience
  • Knowledge of information security principles and best practices, and experience in managing information security risk, as well as a general information security technical background
  • Knowledge of security best practices with relation to applications, network and client setups
  • Practical knowledge and experience in writing and implementing information security strategy, policies and procedures
  • Implementation of security training and awareness programmes
  • Highly organized with ability to prioritize workload to incorporate changing priorities
  • Excellent interpersonal skills and the ability to communicate clearly at all levels through reports, presentations and forming effective relationships