Job Title: Information Security Manager
Employment type: Permanent
Working for a blue-chip Professional Services Firm to provide expertise across a range of information security activities, including IT risk management, third-party assurance, ISO 27001 compliance, and management reporting.
Reporting to the Director of IT Security & Risk Management, the ideal candidate should have an in-depth understanding of the principles, concepts and technologies relating to IT security, experience of working in a highly technical, dynamic environment, and the ability to communicate at all levels of the business.
- Ensure IT Services' compliance with the Firm's ISMS/ISO 27001 framework.
- Monitor security policies, programmes and procedures to ensure compliance with internal security policies, licensing requirements, and applicable government security requirements and directives.
- Generate reporting to demonstrate ISO 27001 compliance.
- Manage the security elements of third-party assurance processes.
- Manage, maintain, and develop audit framework.
- Agree risk assessment methodology with Internal Assurance.
- Manage ITS audit response and follow-up.
- Audit reporting.
- Document and communicate IT operational risks.
- Maintain data quality of risk management systems.
- Recommend ways to control or reduce risk.
- Perform cost-benefit analysis of risk mitigation scenarios to identify the most appropriate risk management approach.
- Devise systems and processes to monitor validity of risk modelling outputs.
- Develop or implement risk-assessment models or methodologies.
- Produce reports or presentations that outline findings, explain risk positions, or recommend changes.
- Manage or co-manage IT risk activities to provide exceptional service to the firm and its clients.
- Proven experience of managing IT compliance with ISMS/ISO 27001 frameworks.
- Experience in writing information security policies in the context of the ISO 27001 framework.
- Management of audit activities from standards bodies, vendors, clients and other regulatory bodies.
- Well versed in risk assessment techniques and methodologies.
- Team leadership experience.
- Proven experience in presenting compliance-related topics to non-technical audiences.
- Demonstrable current industry knowledge.
- CISSP/CISA/CISM qualifications or relevant industry experience.
- Experience from the professional services or financial sector (preferably Big 4 experience).
- Strong academic background with a minimum 2:1 degree.
- Broad knowledge of a wide range of IT technologies and the inherent security risks.
- Understanding of information security principles and best practice (e.g., ISO 27001 and the ISF Standard of Good Practice for Information Security).
- A strong understanding of incident management.
- Strong technical abilities, combined with business acumen.
- Ability to communicate business and technical risk to all levels of audience.
- Excellent interpersonal skills with ability to build and influence teams.
- An excellent eye for detail, meticulous in detailed reporting, with a pleasant manner that encourages understanding of and buy-in to compliance-related initiatives.
- Able to work using own initiative with minimal supervision, often progressing a number of different activities within the same timeframe.