Job Description
Vacancy Name
Cyber Assurance Specialist
Vacancy No
VN071
Employment Type
Full-Time
Location City
Peterborough/Hybrid
About Upp
We’re Upp, and we’re building a world class, full-fibre broadband network to serve residential customers and businesses across the East of England and beyond.
We’re a start-up (incorporated in 2021) but our leadership team is brimming with experience from some of the UK’s leading telecommunications companies. Although we’ve only been up and running a short amount of time, our growth trajectory is aggressive, and our ambitions bold and exciting.
We’ve already hired over 150 people and our first customers are now connected in Lincolnshire and Norfolk. You’ll be joining Upp at an incredibly exciting time as we ramp up our rollout across more towns and start delivering the future of connectivity to the communities that need it most.
Our company values include personal responsibility (if we make a mistake, we own it), positivity (we assume the best of our team & colleagues at all times), as well as crucial focus on improving people's lives across the communities we serve.
By joining us at this early stage the opportunities for progression, growth and career development are great. The potential here at Upp is huge, but we know we need an amazing team to help us achieve our ambitious goals and to ensure we’re having fun while we do it.
About the role
We are looking to engage with an experienced, enthusiastic Cyber Assurance expert to join our high performing IT team. As Cyber Assurance Specialist you will be responsible for managing the InfoSec/Cyber risk framework and associated processes at Upp. The role will be responsible for assuring all compliance & audit requirements are being met, in a timely manner. You will own and run the DD schedule, working with third parties (existing and new), wider partnerships & outsourcing teams, to validate security controls ensuring alignment with UPP’s risk appetite. You will be responsible for scheduling, and the diary management of InfoSec/Cyber activities, responsibilities & GRC requirements and ensuring all reports are collated and presented promptly. You will be skilled in establishing new relationships with third parties in the concept stages, identifying any risks and working with relevant stakeholders to put appropriate remediation/mitigation steps in place. You will have the opportunity to work with a high level of independence, collaborating with technology colleagues and stakeholders to achieve your personal objectives, aligned to business goals.
Key Requirements
Your day to day responsibility will include;
- Managing the InfoSec/Cyber risk framework, risk register, risk assessments, acceptances, and oversight of the risk treatment plans
- Owning the process for managing & reviewing InfoSec/Cyber policies, PEG’s, processes, procedures & Standards
- Engaging with the wider business stakeholders to ensure InfoSec/Cyber is aligned with the business objectives
- Performing third party Due Diligence reviews on third parties and identify security risks
- Facilitating the completion of key partner external DD requests by our 3rd parties
- Updating and delivering the security awareness programs including written and verbal presentations
- Perform line 1 security control checks against applications and systems
- Contribute to monthly and quarterly MI reporting
- Coordinate the tasks required of ISO27001 & ISO22301 certification
- Assist with vulnerability management and Incident response when required
- Advise on InfoSec standards and the cyber control environment from across the business
- Actively share learnings and regular take opportunities to improve practices and processes
- Provide regular team updates to peers, wider technology team and stakeholders
Knowledge, skills & experience
Essential
- Strong analytical & communication skills
- Attention to detail and high quality of output is key
- Ability to verbally communicate to large audiences
- Understand how policies & standards interact with frameworks
- Understand Information Security Risk Management
- Experience working with 3rd party partners and suppliers
- Good stakeholder management experience
- Ability to work independently with good time management
Desirable
- CRISC and CISA certifications
- Working knowledge of Information Security Risk Management
- Working ISO27001 & ISO22301 knowledge and experience
- Working knowledge of Infosec and Cyber security standards
Applications Close Date
31 Mar 2023
Benefits
Car Allowance, Annual Bonus, Employee Equity Scheme, Medical and Dental Cash Plan, Life Insurance
Salary
60,000.00 - 64,000.00
Location Country
United Kingdom
Job Type: Full-time
Salary: £60,000.00-£64,000.00 per year