Information Security Officer

209
Cambridge / Glasgow / Cardiff
Permanent
Sorry, this advert is now closed.
About us
 
SMS Plc are leaders in the smart energy revolution, fitting over a million properties with smart meters and counting.  At the heart of the UK energy market for over two decades, we play a critical role in transforming and decarbonising the UK energy system. We are proud of being both an equal opportunity employer and an accredited real living wage employer!  We look out for our customers and our focus is ‘putting our people first’.
Our people enable us to do all of this by living our 5 core values: Safety, Customer excellence, Sustainability, Innovation and Pride
 
The Role
 
As the Information Security Officer, working as part of a wider Information Security team, you will be responsible for the day-to-day administration of internal infosec, the ISMS and audits, including implementation of and adherence to Information Security standards including ISO27001, Cyber Essentials and NIST CSF. You will also be responsible for compliance with GDPR regulations and for reporting on the implementation of technical controls as required.
You will be the main point of contact for responding to customer and supplier audits, tracking the results, and ensuring any remedial actions are carried out as well as generating management information for various steering level groups. Furthermore, you will be involved in other consulting works as part of the wider InfoSec and IT teams around user administration, patch and vulnerability management, and third-party supplier management.
The role will report into the Head of Information Security. The scope will cover the SMS PLC group and its subsidiaries, carrying out the key responsibilities specified below. Building relationships with both internal and external stakeholders is key in delivering against the key metrics within the information security team. The role may involve travel to sites across the UK to perform onsite security audits facilitating both internal and external parties.
In summary, the role is about collaborating with others to enhance the maturity of the organisation's IT & Information Security function, enabling the business to operate securely and efficiently without compromising productivity. A successful candidate will be able to operate independently and within a group dynamic to deliver against key objectives set out in the SecOps roadmap.

 
Hours of work will be Monday to Friday, 8.45am - 5pm, 36.25 hours per week.
 
Special Conditions - The successful applicant will be open to travel to additional sites where required.
 
KEY RESPONSIBILITIES
  • ISO27001 + SMETS 2 Audits and evidence collation
  • Management of the Information Security Management System, including writing policies, standards and procedures.
  • Driving maturity against information security standards including ISO27001 and NIST Cyber Security Framework (CSF).
  • Maintaining the IT Risk Register by carrying out regular risk assessments across the group.
  • Provide guidance to Business stakeholders around Information Security/GDPR/Data privacy concerns
  • Conducting Internal Audits (UK site travel may be required)
  • Managing External Audit Request Process
  • Report Generation across Information Security areas of responsibility
  • Security Spot Checks
  • Data Governance response tasks and data cleansing
  • User access rights authorisation review
  • Third party supplier management, RFCs, due diligence
  • InfoSec consultation with other areas of the business
  • Other additional duties as required
 
Experience and Education
Essential 
  • ISO27001 Lead Auditor/implementation Certification or equivalent
  • Experience of ISO27001 implementation and Auditing
Desirable 
  • Certified Information Systems Auditor (CISA) (or equivalent)
  • A degree in Information Technology/Computer Information Systems (or equivalent)
  • Experience of NIST Cyber Security Framework implementation and Auditing
SKILLS & KNOWLEDGE
  • Clear understanding of IT audit methodologies.
  • Experience within an Information Security role, with extensive experience on Information Security processes and regulations
  • Experience of managing/ implementing IT Risk Management frameworks
  • Ability to work under pressure in a fast-paced and developing environment.
  • Strong attention to detail with an analytical mind and outstanding problem-solving skills.
  • Broad awareness of and interest in Information Security trends is desirable
  • Knowledge of Software Application and Cloud Security principles and practice is desirable
  • General and broad IT knowledge across Infrastructure, Development and Service Management is desirable
In Return
 
We support Mental, Physical and Financial wellbeing, and we're proud of our benefits package to reward great talent which includes:
  • 25 personal holiday days per year with additional allocation of 8 public holidays (includes options to buy and sell)
  • After 5 years’ service, you will be rewarded with an additional 5 days annual leave increasing your total to 30 personal days and 8 public holidays.
Smart Health 
 
Keeping our employees mentally and physically healthy is one of the things that matters most to us.
  • Employee Assistance Programme (free access to counselling & support) with easy access via My Healthy Advantage app.
  • Access to SmartHealth app - includes a free 24/7 online GP and a range of wellbeing services. 
  • Cycle Scheme - lower your carbon footprint whilst staying healthy.
 Smart Savings 
  • Eligibility to join our Share Incentive Plan following 6 months employment
  • Life Insurance cover where your next of kin will receive 4 times your annual salary
  • Refer a friend bonus (£500)
  • Corporate season ticket travel
  • Length of service cash incentive
  • Automatic enrolment into the Company Stakeholder Pension Scheme following 3 months employment.
The future looks bright 
 
Your development is important to us - we support and encourage development including internal and external accredited courses, study support and E-Learning and internal promotion.