Lead Technology / Information Security Auditor at Babylon Health, London, £Contractor Rate

  • Contract Spy
  • London, UK
  • Feb 23, 2021
Duration not stated

Contract Description

Lead Technology / Information Security Auditor - Contract

We are a team on a mission, to put accessible and affordable healthcare in the hands of every person on earth. Our mission is bold and ambitious, and it’s one that’s shared by our team who shares our values, to dream big, build fast and be brilliant.
To achieve this, we’ve brought together one of the largest teams of scientists, clinicians, mathematicians and engineers to focus on combining the ever-growing computing power of machines, with the best medical expertise of humans, to create a comprehensive, immediate and personalized health service and make it universally available.
At Babylon our people aren’t just part of a team, they’re part of something bigger. We’re a vibrant community of creative thinkers and doers, forging the way for a new generation of healthcare. We’re only as good as our people. So, finding the best people is everything to us.
We serve millions, but we choose our people one at a time…
Purpose of the Role
The Lead Technology / Information Security Auditor is responsible for supporting Babylon’s security management and governance leaders in the development, delivery and maintenance of  Babylon’s information security internal audit and technical compliance programme, to ensure Babylon complies with all relevant technology and information security legal, regulatory, contractual and business requirements.
Key Responsibilities

Key Responsibilities

    • Support the development of Babylon’s technology / information security audit strategy 
    • Develop and maintain the information security audit programme, including audit policy, processes and procedures
    • Plan, lead and conduct technical audits, systems compliance and other technical checks in accordance with Babylon processes best practice methodologies
    • Verify that information systems and processes meet the security criteria (requirements or policy, standards and procedures)
    • Discuss findings and agree corrective (remediation) and preventive (improvement) actions required with control owners 
    • Review the effectiveness of completed actions taken to close out findings
    • Identifies requirements for external audit resource support.

Key Skills required

    • Understands the legal and regulatory environment within which the business operates and has knowledge of relevant security related legal and regulatory requirements. 
    • Good level of technical information security knowledge and experience (5+ years experience).
    • Good level of knowledge of information security audit methodologies and best practices (CAC or equivalent).
    • Broad technology industry knowledge and technical awareness to identify control suitability and opportunities improve and optimise control implementations 
    • Demonstrable experience of managing technology compliance requirements 
    • Strong communication and influencing skills, with personal gravitas and ability to effectively influence senior stakeholders
    • Effective organisation and project management skills, including business change experience 
    • Good commercial awareness.

Person Specification

    • Is creative and pragmatic, always seeking to achieve the best achievable outcome
    • Is compassionate and caring towards others. They respect the views and ideas of  others
    • Works in a straight-forward, collaborative and inclusive way and is non-political
    • Is tenacious, in the pursuit to delight our users. They strive for excellence in all they do and always look to improve our service and product
    • Regularly seeks to turn ideas into action and injects creativity into every touch point 
    • They question common practice to challenge the norm
    • Frequently has a can-do attitude and a positive viewpoint
    • Takes ownership and always delivers against what is agreed.

Qualifications - Essential

    • Batchelors degree in related business, technology or information security discipline and / or 5 years work experience in a technology or information security audit or compliance role for a global organisation.
    • Certified Information Systems Auditor (CISA) or Cybersecurity Audit Certificate (CAC) professional qualification or other equivalent professional qualification; or commitment to obtain such a qualification within an extended 6 months probation period.

Qualifications - Desirable

    • Cybersecurity Practitioner Certification  (CSX-P)  / Member of ISACA
    • Certified Information Systems Security Professional CISSP / Member of ISC2