Job Title: Information Security Manager

location:

remuneration: £

employment type: perm

Job Overview:

Working for a blue chip Professional Services Firm in order to provide expertise across a range of information security activities including IT risk management, third party assurance, ISO 27001 compliance, and management reporting.

Reporting into the Director of IT Security & Risk Management the ideal candidate should have an in-depth understanding of the principles, concepts and technologies relating to IT Security with experience in working in a highly technical, dynamic environment, and be able to demonstrate the ability to communicate at all levels of the business

Main Responsibilites

ISO27001 Management

• Ensure IT Servicescompliance with the Firms ISMS\ISO27001 framework.
• Monitor security policies, programs or procedures to ensure compliance with internal security policies, licensing requirements, or applicable government security requirements, and directives.
• Generating reporting to demonstrate ISO27001 compliance.

• Manage security elements of 3rd party assurance processes.

• Manage, maintain, and develop audit framework.
• Agree risk assessment methodology with Internal Assurance.
• Manage ITS audit response and follow-up.
• Audit reporting.

• Document and communicate IT operational risks.
• Maintain data quality of risk management systems.
• Recommend ways to control or reduce risk.
• Perform cost-benefit analysis of risk mitigation scenarios to identify the most appropriate risk management approach.
• Devise systems and processes to monitor validity of risk modelling outputs.
• Develop or implement risk-assessment models or methodologies.
• Produce reports or presentations that outline findings, explain risk positions, or recommend changes.
• Managing or co-managing IT Risk activities to provide exceptional service to the firm and its clients.

Requirements

• Proven experience of managing IT compliance with ISMS\ISO27001 frameworks.
• Experience in, writing Information Security policies in the context of ISO27001 framework.
• Management of audit activities from standards bodies, vendors, clients and other regulatory bodies.
• Well versed in risk assessment techniques and methodologies.
• Team leadership experience
• Proven experience in presenting compliance-related topics to non-technical audiences
• Demonstrable current industry knowledge
• CISSP\CISA\CISM qualifications or relevant industry experience.
• Experience from professional services\financial sector (preferably Big 4 experience).
• Strong academic background with a minimum 2:1 degree.

• Broad knowledge of a wide range of IT technologies and the inherent security risks.
• Understanding of information security principles and best practise (e.g., ISO27001 and ISF Standards of Good Practice for Information Security).
• A strong understanding of incident management.
• Strong technical abilities, combined with business acumen.
• Ability to communicate business and technical risk to all levels of audience.
• Excellent interpersonal skills with ability to build and influence teams.
• An excellent eye for detail, meticulous in detailed reporting, and with a pleasant manner to encourage understanding and buy-in to compliance-related initiatives.
• Able to work using own initiative with minimal supervision, often progressing a number of different activities within the same timeframe.

Share This Job