Information Security Manager – ISEB, ISO, GDPR, London
We are working with a client based in central London, with offices around the Thames Valley, who require an Information Security Manager to provide advice and support on Information Security and Data Protection, Risk Management, and compliance.
- The main purpose of the role is to enable the Board and the Senior Management Team to take assurance on the adequacy of risk management and internal controls relating to information security risks, data protection and subject access requests and to fulfil the organisation’s legal and contractual obligations.
- Provide an expert advisory service, in a robust and timely manner, on Information Security and Data Protection matters. Act as prime advisor on data protection matters and support the wider information security team as appropriate.
- Lead and support the review, maintenance and ongoing improvement in the Information Security Management System (ISMS) in line with ISO 27001 and wider business objectives.
- Undertake research, collation and analysis of data, and monitoring of compliance, and contribute to the development of the Information Security strategy, policies and procedures.
- Ensure that management and staff are kept up to date with, and comply with, Information Security regulations, legislation and contractual obligations, as well as other related matters.
- Contribute to the implementation and maintenance of an Information Security Awareness training programme, ensuring (as a minimum) that all staff undertake the formal training upon commencement of employment and on an annual basis. Support ongoing awareness through team meetings/briefings, emails and intranet – ensuring the most appropriate channel(s) are used to secure best effect.
- Contribute to and promote improvement in the overall corporate control framework by undertaking a programme of internal compliance audits of premises and office systems to identify and manage information security risks.
- Undertake security risk assessments and make recommendations for improvement.
- Undertake formal Information Security investigations into security incidents; record risks, controls and lessons learnt and advise the business accordingly.
Essential Experience & Qualifications
- ISEB Certificate in Information Security Management Principles
- At least 3 years' experience in Information Security and Data Protection (essential)
- Experience of working with ISO 27001 and other associated Information Security Standards.
- Experience of working with formal project management systems
- Experience in applying the Data Protection Act 1998 (e.g. handling subject access requests) and the Freedom of Information Act 2000 (e.g. handling requests, including the application of exemptions)
- Familiarity with the implications of the General Data Protection Regulation (EU) 2016/679
- Experience in risk assessment processes
- Experience in managing information security risks
- Experience of undertaking security audits
- Experience in conducting investigations into potential security breaches
- Experience in drafting policies and procedures
- Experience in delivering presentations and training
Skills and Abilities
- Good communication skills, with the ability to communicate orally and in writing with stakeholders, management and staff at all levels.
- Ability to interpret and apply Legislation e.g. the Data Protection Act 1998
- Ability to provide professional advice on compliance with Information Security, Data Protection Act, Freedom of Information Act and associated legislation or legislative amendments and codes of practice.
- Strong interpersonal, negotiating and influencing skills.
- Ability to conduct presentations and training.
- Ability to communicate technical concepts to staff and management.
- Ability to influence and negotiate in engaging with management and staff.
- Ability to conduct risk assessments.
- Ability to investigate potential security breaches.
- Ability to research, review and analyse data and situations.
- Produce high quality statistical reports.
- Conduct internal security audits.
- Knowledge of information security frameworks and standards, to include ISO 27001
- Knowledge of the HMG Security Policy Framework (Desirable)
- Knowledge of relevant information security legislation
- Knowledge and understanding of the organisation’s business (Desirable)
Please get in touch for more information!