Information Security Officer

This job has now expired
Westminster London

The Technology Team is undergoing a transformation.

Technology executes a mixture of on-premise, Cloud and 3rd party sourced Technology services, within a hybrid/modern infrastructure that utilises some of the latest technologies. The Technology function serves over 700 staff in NCIs and NCIs co-located bodies and aims to adopt common solutions across NCIs where practical.

Technology provides a broad range of customer focused IT services such as technical architecture and support, networks, change management, business analysis, project management, Procurement, systems administration and applications hosting requiring a range of sophisticated and innovative skills.

As Information Security Officer, you will be responsible for providing expert support and guidance in the area of Information Security to the National Church Institutions (NCIs) as part of our internal Infrastructure Services team.

Reporting to the Infrastructure Services Manager, you will take the lead for all activities, projects, BAU that require cyber security supervision within our technology portfolio, including both on-premise and cloud platforms. You will ensure that all aspects of cyber threat are addressed within an ISMS that meets operational and business requirements, while advocating a culture of knowledge sharing, and excellent customer focus.

This role is based in Westminster and requires working at Lambeth Palace or Bermondsey and occasional travel to supported housing locations across the country.

In return we offer a unique environment with opportunities for continuous learning, generous annual leave for work life balance, season ticket loans and a range of benefits including discounted entry to attractions and what we feel is a market leading package when it comes to our pension scheme.

The Role :

  • Oversee, evaluate, and support the documentation, validation and assessment of Information Security Management System (ISMS) processes necessary to assure that existing and new information and information processing systems meet the organisation's cybersecurity and risk requirements.
  • Ensure that the appropriate treatment of risk, compliance, and assurance is followed from both internal and external perspectives
  • Conduct comprehensive assessments of the management, operational, and technical security controls and control enhancements deployed within or inherited by an information and information processing systems, advising and assisting the Infrastructure Services team to prioritise corrective actions
  • Build strong relationships within the NCIs to support and enhance a collaborative approach to achieving good Cyber Security goals
  • Manage the agenda of the Information Security Steering Committee (a new function)
  • Manage the internal audit plan leading to Cyber Essentials Plus certification with a view to a future ISO27001 certification
  • Lead, coordinate, communicate, integrate, and be accountable for the overall success of the risk management program, ensuring alignment with agency or enterprise priorities
  • Works with other NCIs when required to ensure compliance with GDPR requirements and provides IT information and assistance as necessary
  • Monitors compliance with security policies, standards, guidelines and procedures
  • Consults with NCI and technology staff on potential business impacts of proposed changes to the security environment
  • Reviews risk assessments, analyses the effectiveness of information security control activities, and reports on them with actionable recommendations
  • Assesses threats and vulnerabilities regarding information assets and recommends the appropriate information security controls and measures
  • Coordinates the development of information security disaster recovery test plans, testing, and documentation for each application
  • Leads and responds to security incidents and investigations, targets reviews of suspect areas
  • Produces regular (monthly) reporting on Cyber Security events to highlight trends and effectiveness of threat prevention in place
  • Leads and reviews application security risk assessments for new or updated internal or third party applications

The requirements :



  • Knowledge of NIST family of standards
  • Knowledge of applicable business processes and operations of customer organizations
  • Knowledge of the specific operational impacts of cybersecurity lapses
  • Practical experience of applying ISO 27001 controls in a NfP operational environment
  • Formal education or qualifications in Information Security preferred (e.g. CISSP)
  • Able to maintain awareness of the cyber security market place and of improvements in technology that will support opportunities for the NCIs to take advantage of these


  • Broad understanding, hands on experience and evidence of working in the IT Industry and within the IT security compliance and governance agenda
  • Good infrastructure framework experience e.g. HyperV, client and server operating systems, application, desktop and server virtualisation, storage, networking, software and hardware upgrades, database, systems management
  • Working successfully with colleagues and 3rd parties to evangelise good cyber defence practices
  • Significant experience in developing, documenting, planning and implementing information security architectures and roadmaps and ensuring effective compliance by all IT and NCIs staff
  • Providing professional consultancy, advice and designs for new requirements, impact assessments, technical queries, in a cyber security setting
  • Experience in writing and presenting reports for and to a variety of purposes and audiences


  • Demonstrable knowledge and previous work experience of managing cyber and risk processes (e.g., methods for assessing and mitigating risk)
  • Demonstrable knowledge and previous work experience of Cyber Essential Plus framework and the ISO 27000 family of standards
  • Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy
  • Proficiency in developing and applying ISO 27001 standards in an operational infrastructure environment
  • Ability to communicate complex information, concepts, or ideas in a confident and well organised manner using ‘plain’ non-technical language

Personal Attributes:

  • Committed to delivering a high level of customer service
  • Able to lead by example, engender trust and demonstrate gravitas and credibility
  • Attention to detail, including tolerance and the ability to handle detail, analyse, understand and produce detailed information accurately
  • Committed to continuing professional development and identifying means to maintain essential appropriate knowledge



  • Demonstrates knowledge of good security practice ensuring that all aspects of Confidentiality, Integrity and Availability are adhered to.
  • An Information Security certification (CISM, CISMP, CISSP or similar).
  • Knowledge of securing hybrid and cloud infrastructure environments.
  • Ability to think methodically and logically and have well-honed communication skills.

We in the National Church Institutions support the mission and ministries of the Church all over England. We work with parishes, dioceses (regional offices), schools, other ministries and our partners at a national and international level.

Excellence, Respect, Integrity

We follow these three values in everything we do, whether we are of Christian faith, another faith or no faith. To learn more about working for National Church Institutions and our benefits, please click here

As we are a member of the Armed Forces Covenant, we welcome all applications from those you have served in our Armed Forces and their families

We are committed to building a culturally diverse workforce. As part of this commitment, we welcome applications from people, regardless of their background. As a Disability Confident committed employer, it is important to note that there may be occasions where it is not practical or appropriate to interview all disabled applicants who meet the minimum criteria* due to high volume. We limit the amount of interviews conducted to five applicants per open post we advertise.

*Where applicable depending on post requirements.