Information Security Advisor

Who are we? 

Ceres is a fuel cell technology and engineering company whose aim is to bring cleaner and cheaper energy to businesses, homes and vehicles. We are working with world-leading partners to embed our SteelCellâ„¢ technology in mass-market energy products for the commercial, residential and transportation markets.

Our world-leading, fuel-flexible SteelCellâ„¢ can generate power from conventional fuels like natural gas and from sustainable fuels like biogas, ethanol or hydrogen at very high efficiency.

Made from mass-market and widely available materials, the SteelCellâ„¢ is inherently cost-effective, robust and scalable. It is an ideal technology to tackle air pollution and climate change as it significantly lowers carbon emissions and pollutants, lowers running costs and can enable renewables.

 

Purpose of the Job:

Reporting into the Information Security Change Manager, this role will support the day to day operations of the InfoSec team and contribute to the overarching InfoSec Change Programme building relationships with key internal stakeholders and working with strategic partners to enable the business to seamlessly leverage its IP assets while maintaining a high level of security.

As the Information Security Advisor, you will be the primary point of contact for Information Security queries and will play a key role in establishing new controls and processes. You will spearhead the Information Security operational movement for the business, such as achieving Cyber Essentials Plus certification and monitoring Information Security Compliance on internal systems and processes.

You will also participate in risk management, including conducting risk assessments, maintaining a risk register and the identification and application of cost-effective actions.

  

Key Responsibilities:

Support the:

  • Development of a culture of security awareness and practice throughout the business with regular communication and refresher training for internal individuals.
  • Building, configuring, testing, compliance and maintenance of Information Security policies, processes and procedures.
  • Scoping, implementation, testing and deployment of projects/new capabilities.
  • Identification, assessment and treatment of IS risks, threats, issues and incidents.

Carry out:

  • Third party management of IS Service Providers
  • Risk mitigation actions
  • Monitor and report on IS systems and processes, issues/incidents, and metrics
 

Knowledge, Skills, Experience & Personal Attributes

It is essential that, along with a strong knowledge of Information Security concepts and approaches, the post holder is able to engage with a wide range of employees with differing backgrounds and technical competencies.

  • Awareness of; ISO27001, Cyber Essentials Plus, NIST 800 and CIS 20
  • Understanding of Information and Cyber Security threats and vulnerabilities
  • Knowledge of specific operational impacts of cybersecurity lapses

 

Highly desired experience and attributes 

  • Carrying out business analysis covering:
    • Requirements gathering (Functional and Non-functional)
    • Process mapping
    • GAP analysis 
  • Data analysis and reporting
  • Awareness and understanding of:
    • Data calssification and categorisation
    • Data loss prevention 
  • Threat modelling (nice to have)
 

 

Applications from candidates who are also fluent in Korean, Mandarin, Cantonese or German are welcome, as well as from those who have experience of working or living within these countries and cultures.

 

We regret we are unable to accept applications from those who do not have the right to work in the UK.  Any such applications will be rejected without notice.

 

Closing date for applications:  28 March 2021

 

DIRECT APPLICATIONS AND ASSIGNED AGENCIES ONLY