Security & Compliance Lead (Senior Manager)

Harvey Nash Consulting (Scotland) Limited
£65k - £70k pa + final salary pension, benefits
21 Apr 2017
21 May 2017
Contract Type
Full Time
We have a new Senior Security opportunity within a public sector organisation that is going through massive technology change. The role of the Security & Compliance Manager is a "hands on" role, reporting to the IT Director for the group.

The Security & Compliance Manager is responsible for the on-going management and development of the group's Information Security Management System, including security governance, risk management and compliance with ISO 27001:2013.

The Security & Compliance Manager leads the way in ensuring that the group is compliant with PCI DSS through policy alignment and governance, whilst ensuring that operational risk is fully mitigated.

You will effectively manage contracts as well as the relationships with, and performance of, all partners & suppliers associated with security & compliance. Responsibilities include:
* Responsibility for systems and information security & compliance in relation to vessels, ports and harbours
* Plan, coordinate and implement security controls to maintain security posture on IT infrastructure, whilst working on existing security projects and initiatives, and developing appropriate project plans and timelines to support future Security & Compliance
* Execute risk-related issues and recommend mitigation to adequately address them
* Manage adherence to the EU General Data Protection Regulation
* Develop, encourage and push forward innovation and new practices
* Develop, enable and champion an effective Security Team of Security & Risk Controllers

The line management aspect of the role will involve a small team, with the main focus being on stakeholder management across the group.

We are keen to speak to you if you have a track record and commercial experience in the following:

* Appropriate professional certification CISM, CISSP
* Minimum of 5 years' experience working in a similar role within a multiple supplier environment
* Lead Auditor Certification for ISO 27001:2013
* Certification in PCI-DSS standard
* Knowledge of risk assessment and auditing approaches & methodologies
* Strong Leadership skills and extensive experience in Stakeholder Engagement & Management
* Able to work under pressure and think clearly in challenging situations in a logical manner
* Good relationship builder with strong diplomacy and negotiating skills
* Solid understanding of project management principles and methodologies and extensive experience working with projects involving information security management

The role is permanent, based in Gourock, with travel nationally.

For more information, please send your updated CV in the first instance.