Information Security Manager
Richmond Upon Thames
Project Management & Business Analysis
£90,000 per annum
As the Information Security Manager, you will be part of the UK Technology management team, reporting into the Head of Operations. Working closely with your colleagues, in particular those in Delivery, Operations and Architecture, you will be responsible for the Information Security Management function, providing leadership and direction.
Your focus is to ensure that the organisation takes the right level of risk as regards information (technology) security, and that our information security status across the organisation is clear and transparent.
Working with the Data Protection Officer, you will have an appreciation of the various legal requirements driving security policy as well as maintaining a deep understanding of the underlying technology and the security risks any software or solution presents.
You will propose and establish the approach to information security and the underlying governing policies, and work closely with the individuals responsible for implementation to ensure those policies are adhered to. Overall, the goal will be to increase the maturity of our information security processes and ensure they allow the organisation to continue to be commercially successful whilst navigating the associated information security challenges.
Key Responsibilities & Accountabilities
- Be the focal point for Information Security for the organisation, acting as a key contact and escalation point
- Work with colleagues to identify information security threats and vulnerabilities, and overall risk assessments
- In collaboration with colleagues, draft and maintain security policies, standards, procedures and guidelines, ensuring compliance
- Work with the Data Protection Officer to ensure that information legal requirements are met including GDPR compliance
- Provide regular status updates of the current state of information security standards, practices and controls
- Work with the Group Accountant to ensure PCI-DSS requirements are met
- Work with the Solution Architects and our senior delivery team to ensure that information security becomes embedded into our platforms, development processes and culture
- Proactively monitor, report, and mitigate information security risks
- Provide technical leadership within the organisation on information security issues and associated technical solutions
- Working with others, drive organisational resilience and continuity planning
- Work with the Data Breach and Major Incident teams when required
- Be accountable for creating appropriate levels of information security awareness in all employees
- Ensure that relevant Information Security policies are understood across the organisation and where appropriate provide training
Technical & Professional Skills
- Operating at a senior management level in an information security management role, including responsibility for technology audits and risk management
- Previous experience within technology architecture, development and operations
- Previous experience with perimeter security, data loss prevention and identity management
- Knowledge and experience of managing information legal requirements including Data Protection Act and PCI-DSS
- Experience with network and operations system security, encryption, key management processes and data security approaches
If you are interested in this role and would like to hear more please apply and you will be contacted immediately.