Location: Hybrid with travel to Northampton 1 day per week
Salary:
Hours: 37.5
The Information Security Manager, reporting directly to the Head of Information Security, will play a vital role in ensuring that we protect our customers' data and create a culture of security within the business. This is a new role which has been introduced into the business to help deliver our organisation's information security program.
Role and Responsibilities
* Develop and maintain an ISMS in compliance with ISO 27001:2022
* Help manage the certification process for ISO 27001:2022, including all external audits and planning
* Manage internal security audits and assessments
* Develop, implement and maintain policies and procedures for information security
* Research emerging security threats and identify vulnerabilities
* Identify and report on information security risks
* Develop a deep understanding of how the Staysure group operates
* Work closely with Risk & Compliance and IT to ensure that all data is securely protected
* Help develop the training and awareness requirements for the business
* Build and develop relationships with key internal stakeholders, aligning to our values and developing a security culture across the business
Essential Skills
* ISO 27001 Lead Implementor/Auditor or at least 2 years of experience supporting an ISO 27001 accredited business
* Good working knowledge of security risk and control frameworks such as ISO 27001, PCI DSS and ITIL
* Proven ability to establish and implement information security policies and procedures
* Understanding of a range of security technologies including firewalls, cyber threat intelligence services, DLP, email security, endpoint encryption, endpoint security, SIEM, vulnerability management, web security
* Ability to review security controls, assess control maturity and suggest improvements
* Experience of assessing and managing security incidents, service improvements and IT security risks
* Understanding of the Data Protection Act 2018 and GDPR
* Knowledge of Disaster Recovery/Business Continuity processes
* Knowledge of cloud technologies
* Good knowledge of business benefits that security technologies and frameworks can bring
* Adept at Stakeholder management
* Strong presentation skills and ability to influence others
Desirable:
* CISSP, CISM or CRISC