Information Security Assistant Manager

Key duties and responsibilities will include:

The Information Security Manager will be responsible for: 

Development:

• Familiarity with AWS security tools and embedding security within an AWS cloud environment
• Comfortable working within the software development life cycle
• Experienced with working within Agile and Scrum project management frameworks
• Working alongside third party development teams and holding them to account

Assurance and customer onboarding:

• Manage reviews requested by ORX member and subscriber organisations (and prospective customers), managing and addressing any resultant findings
• Create and maintain documentation to enable members and subscribers to transition to the new platform in a repeatable, reliable and consistent way
• Respond to member and subscriber reviews, escalating queries to the Information Security Manager where required
• Working with the project team, maintain oversight of new platforms to identify weaknesses or gaps in line with industry control standards
• Ensure third party suppliers are compliant against our supplier management framework
• Identify and challenge behaviours or activities that contravene risk policies and procedures

Subject matter expertise & continuous improvement:

• Maintain an up-to-date working knowledge of the relevant regulations and legislation, e.g. ISO27001, ISO9001 standards (and other information governance standards)
• Maintain an up-to-date working knowledge of a broad range of technologies including common vulnerabilities and exploits, with a comprehensive knowledge of security controls
• Be proactively aware of what ORX member and subscribers will expect from ORX services

Communicating, training and awareness:

• Provide advice and input on the risk aspects of all programme activity to ensure it has been considered and is taken into account appropriately
• Run information security awareness and training as appropriate for members and subscribers

Infosec strategy and improvement programme:

• Assist the Information Security Manager to build and enhance new and existing stakeholder relationships, with external supplier but also with other internal business areas
• Help drive general alignment with ISO27001 principles for the management of our most confidential data within the new data exchange platform

Policies and procedures:

• Work with the Information Security Manager to ensure alignment within the programme with existing InfoSec policies and procedures, in line with risk appetite and good practice

Infosec risk management, governance and reporting:

• Provide input into the programme risk and control register, with general alignment to ISO27001 where in scope
• Act as the subject matter expert and be responsible for information security in the programme
• Work with the Information Security Manager to plan, build and oversee execution of business continuity plans and business incident tests (including disaster and phishing tests) as required for the programme
• Identify programme and project risks and work with the programme and operational teams to reach a satisfactory resolution
• Keep appropriate records and provide periodic business reports regarding the programme security posture for reporting up to the Executive Team and Board Audit, Risk and Quality Committee (BARQC)

There will also be a requirement to deputise for the Information Security Manager in their absence and cover other ad hoc duties as required.

Find out more about the recruitment process: 

• 1st stage of interview process will be a virtual call with hiring manager
• 2nd stage of interview process will be a formal interview with hiring managers in person in our central office in Bath, there will be a task at this stage
• 3rd stage of interview process will be a virtual call with Project lead consultant

Applications are to be emailed to careers@orx.org (we would like them to email their CV, cover letter with salary expectations)

How can I be supported?

You can share any adjustments you need at any stage of the application process by contacting people@orx.org. If you have a disability, if you are neurodivergent, or if you have a health condition that may affect you during the application process, we encourage you to discuss adjustments with our People team.

Some reasons why candidates may need support include but are not limited to: physical disability, dyslexia, dyspraxia, hearing/visual impairment, stammer, stutter, anxiety, depression, menopause, and long-term health conditions.

Some examples of adjustments that can be made for candidates include, but are not limited to:

• Additional time to complete online assessments or interviews
• Providing information about assessments during a briefing call
• Adjusted font size or contrast settings on online assessments, exercises, tasks, and presentations
• Completing assessments via video call rather than online

Workplace adjustments

The support we offer throughout the recruitment process doesn’t end after the application. We know that employees have varying needs in the application process and at work, which is why we want to help employees at ORX get the support they need to thrive.

ORX is committed to providing employees with the tools and support they need, we can consider adjusting, removing, or reducing any barriers you might face if you have a disability, health concern, or mental health condition.

Workplace adjustments (or accommodations) help us do this and can be considered for all our employees.

Some of the adjustments we’ve provided for our employees include but are not limited to:

• Ordering specialist equipment (like assistive technology and ergonomic furniture)
• Adjustments to objectives or targets
• Changing working arrangements, using flexible working or regular breaks

Hybrid working:

We offer a hybrid working (mix of remote and office working) built around supporting your role and your home life commitments wherever possible. The minimum days in the office are 10 per quarter. 

Benefits:

Competitive salary
Discretionary performance related bonus scheme
25 days holiday a year, increasing by 1 day for each year of service to a maximum of 28 days
8% company contribution to pension
Employee recognition scheme
Support for training and development
Life assurance
Health cash plan
Perks at work scheme
Employee assistance programme
Holiday trading
Sabbaticals and long service awards
Summer and Xmas social events
Cycle to work
Inclusive and supportive working environment under benefits please can we add in
Workplace nursery scheme

We have a great culture and we’re proud of our people and the high engagement demonstrated year after year in our employee survey. We recognise and reward hard work, whilst respecting work-life balance. Our hybrid working sees our team getting together when necessary. Days in the office are 10 per quarter, which enables our teams to establish a working pattern that suits us, and you. We recognise that family time, being there for the school run and enjoying life at home is as important as collaborating with others, socialising as a team, and maximising the informal learning and innovation that happens when we’re together in the same place.