We’re excited to announce an opportunity for an Information Security Manager to join our dynamic Digital Services team at ARAG UK.
As a member of the Digital Services team, this role will be at the forefront of ARAG UK’s security strategy, ensuring the confidentiality, integrity, and availability of ARAG’s information and information systems. The successful candidate will be accountable for ensuring our ISO27001 accreditation is adhered to and successfully renewed, assessing information risk, and facilitating remediation of vulnerabilities within the company’s network, systems, and applications. You will also lead on strategy, road mapping, and planning of security initiatives, as well as managing the information security team.
This is an excellent opportunity to report on findings, apply recommendations for corrective and preventative actions, and identify opportunities to reduce security risks. Key responsibilities include documenting remediation options regarding risk acceptance or mitigation, and monitoring the performance of risk remediation tasks, changes related to risk mitigation, and reporting on findings. The role will help the company understand security threats and develop strategies to protect ARAG’s assets across multiple entities.
This is a strategic and hands-on role, where you will manage a small team, support the Security & Governance Manager in driving the IT security strategy, lead projects, coordinate team efforts, and mentor staff. You will work with others in Digital Services and the wider organization to ensure appropriate leadership and accountability in security. The role involves engaging with our parent company to ensure our ISMS aligns with their standards and frameworks, and implementing necessary changes and improvements in our Information Security Systems.
We seek candidates with high technical, organizational, and communication skills. You will contribute to audit responses, especially in InfoSec, and help improve response processes and standardization.
Key Qualifications and Skills:
* Good understanding of information security frameworks, standards, and best practices (ISO27001, NIST CSF, Cyber Essentials, OWASP).
* Knowledge of data protection legislation and regulatory requirements (GDPR, FCA SYSC, PCI DSS).
* Experience with security analysis tools and technologies (SIEM, VAS, IDS/IPS, Firewalls, IAM, NAC, patch management, anti-malware).
* Understanding of security incident management and response processes.
* Knowledge of authentication technologies (e.g., two-factor, multi-factor).
* Familiarity with Zero Trust principles.
* Knowledge of endpoint security solutions.
* Experience with AWS and cloud platforms.
* System administration skills supporting multiple platforms.
* Ability to conduct vulnerability scans and identify vulnerabilities.
* Awareness of the current Threat Landscape and modern malware techniques.
* Experience delivering presentations to leadership teams.
* Intermediate expertise in IT risk management or related disciplines.
Our team is passionate and enthusiastic. We encourage independent thinking and ownership. In return, we offer a generous remuneration package, including 27 days holiday (plus options to buy more), pension scheme, Income Protection, Legal Protection, European Assistance, private medical insurance, salary sacrifice benefits, wellbeing programs, and discounts.
If you believe you are a good fit and can demonstrate transferable experience, please apply, even if you do not meet all criteria.
#J-18808-Ljbffr