Information Security Manager
IT, Applications & Development - Hatfield, Hertfordshire
Our Client are looking for a self-starting individual who can take ownership of the Information Security Control and Risk Landscape within the business. As a greenfield / start-up, the model's definition is new and requires significant input to develop and implement.
You will work alongside the Infrastructure and applications teams as part of the overall Information Technology function to define, influence and own the security control landscape. While this role will predominantly be focussed on management of risk and control, their will be occasional requirement to support the organisation technically in the achievement of the control objectives.
As a greenfield site, a security control model has been defined but now needs to be delivered. The successful candidate will work with the technology teams to implement these controls, define the operating procedures and take ownership of the end to end security model.
Job Duties and Responsibilities
- Ownership of the overall Information Security Framework and its successful delivery within the organisation
- Ownership of the information security policy set and their adoption within the organisation
- Ownership of the security control landscape and its successful operation within the organisation.
- Ownership of Security incidents and their management within the organisation
- Ownership of innovations to the organisation's security model.
- Ownership of the Security Risk Register and its accuracy within the organisation.
- The identification and alignment with relevant legislative and regulatory frameworks applicable to the organisations operating models and territories.
- Interfacing with management across the organisation to understand their technology and business process requirements in order to ensure that adequate security is developed and maintained.
- The identification and management of new risks based on the ever-changing external threat landscape and their appropriate allocation of ownership within the organisation.
- The management of the organisation's information assets and alignment with appropriate data protection frameworks such as GDPR/DPOv2.
- The ongoing reporting and KPI development for Information security in order to report its effectiveness within the organisation to the management team.
- The review of technology & service proposals from the business to ensure that they do not compromise the existing security model and have adequate security built in.
- The management of the annual Threat and Vulnerability management programme for the organisation.
- The management of the ongoing Security Awareness and Cultural engagement programme for the organisation.
- Managing third party security specialists from partners / vendors to aid in the delivery of the overall security programme and its objectives.
- Management of the security exceptions process, associated risks and violations.
- Supporting the daily operations and running of the technical teams through advice and information relevant to the business from the external security threat landscape.
- Management of information security incidents and the associated business impacts.
- Management of the ongoing Security Monitoring and Alerting programme.
- Management of the day to day security controls within the estate such as those protecting EUC, Servers, Infrastructure and other aspects of the Organisations attack surface.
- To undertake other reasonable duties as required by the management team.
Person Requirements (Knowledge, Skills, Qualifications and Experience)
- You will have a minimum of 5 years' experience in an information security focussed role.
- You will have a technical background in either, infrastructure, applications or EUC including hands on experience and expertise in these area(s).
- You will have a recognised security qualification such as ISC2 CISSP, CISA or CISM or the equivalent proven experience.
- You will have prior knowledge of security frameworks such as PCI-DSS, ISO27001, CIS CCFv7, NIST, and will have experience in the delivery and/or management of at least one of them.
- You will have knowledge and experience of cloud platforms such as Microsoft 365, Azure, AWS & G-Suite and the associated security models available.
- You will have experience working with and managing the deliverables from third party specialists within the cyber industry such as service providers in the Penetration testing industry.
- You will have strong attention to detail as well as good written and verbal communication skills
- You will be able to work autonomously or as part of a team as needed and be able to manage multiple stakeholders at different levels of the organisation often with conflicting priorities.
- You will be an analytical thinker with proven problem solving skills.
If you are interested in this opportunity please apply now!
Your CV will be forwarded to Jonathan Lee Recruitment, a leading engineering and manufacturing recruitment consultancy established in 1978. The services advertised by Jonathan Lee Recruitment are those of an Employment Agency.