Job title: Information Security Manager
Salary: Up to £40,000 depending on experience, plus benefits
Reporting to the Head of Information Security, you will principally advise and enable technical teams to make security decisions and provide advice and guidance, ensuring the effective use of common tools and patterns. You will have a proactive responsibility to assist in the delivery of secure systems and implement proportionate controls by working with Product, Change, Risk, IT teams and 3rd party vendors.
You will lead on compliance reviews, certifications and accreditations (e.g. ISO27001, Cyber Essentials, GDPR etc.), implement effective and appropriate GRC controls and measures to protect systems and data and identify, communicate and manage current and emerging security threats with relevant stakeholders.
• Implement ISO 27001 framework and Information Security Management System (ISMS).
• Lead on compliance reviews, certifications and accreditations (e.g. ISO27001, Cyber Essentials, GDPR etc.).
• Implement effective and appropriate GRC controls and measures to protect systems and data.
• Identify, communicate and manage current and emerging security threats with relevant stakeholders.
• Develop Information security compliance frameworks, security policies and procedures, where necessary.
• Work with business, internal IT and 3rd party vendor teams to promote and adopt security best practices.
• Work with Security partners, Managed Security Service Provider (MSSP) to conduct and review regular security assessments of vendors and solutions (SaaS, IaaS providers and MSSP).
Knowledge and experience:
• Comprehensive understanding of Information Security Frameworks (e.g. ISO 27001, NIST CSF, [and Cyber Essentials) and UK and UK Data Protection Act 2018 including GDPR.
• Monitoring and reporting on compliance with security and data protection policies, as well as the enforcement of policies.
• Knowledge of security technologies such as IDS/IPS, vulnerability testing and Firewalls.
• Familiar with HMG Security Policy Framework requirements and Government Security Classifications.
Key competencies/ behaviors
• Excellent attention to detail
• Excellent data handling and numeracy skills
• Sound analytical skills, problem solving, interpretation and judgement
• Ability to develop into a subject matter expert and apply such knowledge to a role
• Commitment to team working and providing support to team members
Degree qualified and/or MSc Information Security desirable.
CISSP, CSSP, CISM, Cybersecurity or similar certifications.
ISO 27001 Lead Implementer or Lead Auditor certification.