Information Security Manager
A great opportunity to join the newest 300-year-old business in the paper industry. Our customers are pretty unique and the products we sell are really cool (you will never look at a passport or a banknote the same again).
We are seeking an Information Security Manager to take responsibility for the establishment, maintenance and development of enterprise vision and strategy for Information Security, ensuring information assets (in all forms) are adequately protected globally.
You'll support the management of operational risk, including compliance, information security and security risk, by assessing, advising on, monitoring and reporting risk exposure and controls, as well as initiating actions to mitigate risks and ensuring that all policies and procedures are tested and audited on a regular basis so that all regulatory compliance is met.
You'll also be accountable for developing, gaining buy-in for and implementing an Information Security strategy which meets business requirements, and ensuring that all areas of Information Security, Disaster Recovery and Business Continuity are aligned with the Portals De La Rue vision of delivering certainty to our customers with secure solutions.
Key accountabilities:
- Manage the development and implementation of group security policies, standards, guidelines and procedures to ensure ongoing maintenance of security, compliant and/or in alignment with the ISO27001 security framework. Ensure that such practices are followed.
- Develop and manage a programme to ensure the successful certification of IS Operations against ISO27001 standards in line with agreed timeframes.
- Provide Information Services guidance and updates to the Portals De La Rue leadership team and ensure that IS issues are visible and reported within the central Business Risk KPIs.
- Act as IS representative for the Internal Audit Committee. Management of both the internal and external Group IS audit function, including the management of the IS audit schedule. Undertaking internal site and external 3rd party audits, the subsequent creation of security assessment reports and the development and management of plans to mitigate any actions found through to completion.
- Act as IS representative for the Business Continuity Plan (BCP) Steering Committee, ensuring both IS and business requirements are fully considered, documented and, where possible, tested within site BC plans.
- Provide the business with real time monitoring and a proactive defence capability against internal and external security threats through the active management of strategically deployed Intrusion Prevention Sensors and use of internal penetration testing as required.
- Responsible for the management of the Vulnerability and Threats Security Forum, which is used for the proactive assessment of potentially new and emerging IS security issues, and the management of subsequent agreed mitigating controls through to completion.
- Bachelor degree in Computer Science or a related discipline.
- Professional certification, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM) or Certified Information Systems Auditor (CISA).
- Knowledge of security and control frameworks, such as ISO 27001/2, SAS 70, ITIL and PCI-DSS.
- Relevant experience in the Information Security field, including significant experience of Information Risk Management, IT Audit, Operational Risk management or compliance.
- Experience with business continuity planning, auditing and risk management, as well as contract and vendor negotiation.
- In-depth knowledge and experience of Information Security standards.
- Experience of auditing systems and processes, experience in project management methodology and experience of data protection.
- Knowledge of current technological trends and developments in the area of information security.
This job was originally posted as www.totaljobs.com/job/80216260