Information Security Manager

Information Security Manager | Permanent

The risk, compliance and technology directorate comprises the compliance team, enterprise risk team, the IT team and the facilities team. It delivers numerous change projects across regulatory compliance, reporting and delivery of the IT and physical environment in which the corporation operates.

The Information Security team within the compliance function is accountable for the development, implementation and ongoing maintenance of the three ISMSs (Information Security Management Systems) across the Corporation and its two key suppliers, all certified to ISO 27001. It also acts as the body responsible for ensuring Data Protection Act compliance across the business.

The Information Security Manager reports to the Head of Information Security and is responsible for operating and managing the ISMS processes in line with the Information Security Policy, Standards and Procedures in order to maintain ISO 27001 compliance.

Experience and technical skills

The employee will be able to demonstrate the following experience and technical skills:

  • A broad knowledge base in various technologies and platforms found in most businesses and a sound foundation in accepted security practices and solutions.
  • Solid experience of implementing and maintaining an ISO 27001 certified ISMS
  • Solid experience dealing with 3rd party suppliers on security and ISMS related deliverables
  • Solid experience of interpreting penetration, non-functional and vulnerability testing results, articulating highly technical risks in business terms.
  • Experience of mentoring and developing junior members of staff.

Personal attributes required

The role will require someone with the following personal attributes:

  • Strong people management and supplier management skills
  • Strong stakeholder management skills
  • Good advocacy skills to ensure that the organisation's information security requirements are taken seriously and adhered to
  • The ability to explain complex technical requirements using clear and unambiguous language
  • The ability to see the big picture, as well as understand and challenge the detail when required.
  • Willingness to work with others, excellent teamwork, and excellent communication skills
  • The ability to cope with multiple tasks/projects

Education, qualification and professional membership requirements

The successful candidate will have the following skills and education:

  • Appropriate security qualifications, e.g. CISSP, CISA, CISM or equivalent.
  • ISO 27001 Auditor/Implementor (beneficial).
  • Educated to degree level or equivalent (ideally in a security or computing related discipline).
