Information Security Manager | Permanent
The risk, compliance and technology directorate comprises the compliance team, the enterprise risk team, the IT team and the facilities team. It delivers numerous change projects across regulatory compliance, reporting and delivery of the IT and physical environment in which the corporation operates.
The Information Security team within the compliance function is accountable for the development, implementation and ongoing maintenance of the three ISMSs (Information Security Management Systems) across the Corporation and its two key suppliers, all certified to ISO 27001. It also acts as the body responsible for ensuring Data Protection Act compliance across the business.
The Information Security Manager reports to the Head of Information Security and is responsible for operating and managing the ISMS processes in line with the Information Security Policy, Standards and Procedures in order to maintain ISO 27001 compliance.
Experience and technical skills
The employee will be able to demonstrate the following experience and technical skills:
- A broad knowledge base in various technologies and platforms found in most businesses and a sound foundation in accepted security practices and solutions.
- Solid experience of implementing and maintaining an ISO 27001 certified ISMS
- Solid experience dealing with third-party suppliers on security and ISMS-related deliverables
- Solid experience of interpreting penetration, non-functional and vulnerability testing results, articulating highly technical risks in business terms.
- Experience of mentoring and developing junior members of staff.
Personal attributes required
The role will require someone with the following personal attributes:
- Strong people management and supplier management skills
- Strong stakeholder management skills
- Good advocacy skills to ensure that the organisation's information security requirements are taken seriously and adhered to
- The ability to explain complex technical requirements using clear and unambiguous language
- The ability to see the big picture, as well as understand and challenge the detail when required.
- Willingness to work with others, excellent teamwork, and excellent communication skills
- The ability to cope with multiple tasks/projects
Education, qualification and professional membership requirements
The successful candidate will have the following skills and education:
- Appropriate security qualifications, e.g. CISSP, CISA, CISM or equivalent.
- ISO 27001 Auditor/Implementor (beneficial).
- Educated to degree level or equivalent (ideally in a security or computing related discipline).