£65K/yr to £75K/yr
London, England
Permanent, Variable

Information Security Manager

Posted by Context Recruitment Limited.

£65,000 - £75,000 PA plus excellent benefits

London (hybrid working)

Information Security Manager sought by a well-known and public-facing organisation with numerous sites spread across the county. The business is involved in significant, complex and critical logistical operations.

As this is a public-facing, Critical National Infrastructure business, the Information Security Manager will be a crucial component in ensuring the effective management of both the technical cyber security environment and the wider information security management piece for the business.

This role carries responsibility for ensuring appropriate cyber security controls, working alongside internal teams (including outside of IT), helping to ensure ongoing best practice and compliance. You'll oversee and enhance a comprehensive InfoSec/Cyber service; you will conduct site visits, assess risks, and recommend security improvements for infrastructure, servers, networks, and applications. This role is ideal for someone transitioning from a technical to a managerial position in cybersecurity.

Responsibilities:

  • Ownership and maintenance of all security-related policies and procedures, implementing Security by Design and driving a culture of cyber security awareness in the business.
  • Working closely with others in relation to Information Security Strategy and the creation, delivery and maintenance of a robust Cyber Security roadmap.
  • Conducting assessments, pentesting and audits (responding where necessary), in relation to security threats, risks, capabilities and maturity.
  • Keeping up to date with relevant security legislation / methodologies / standards and appropriate regulatory frameworks (including GDPR and ISO27001)
  • Promptly deal with any security incidents, including overseeing technical solutions
  • Handle varied and complex security challenges, from system reviews to high-level risk assessments
  • Work closely with third-party suppliers in relation to audits, forensic analysis and pen testing.

Requirements:

  • Possess hands-on knowledge with the ability to bridge the gap between security engineering and management
  • Strong technical background in cybersecurity
  • Proven experience in identifying and mitigating security risks.
  • Ability to make actionable recommendations for security improvements.
  • Experience with ISO 27001 and Cyber Essentials is preferred.
  • Experience with GDPR and data protection, together with extensive knowledge of IS standards
  • Security assessment frameworks (threat modelling, controls assessment, risk assessment)
  • Relevant qualifications: CISSP, CISM or similar.
  • Understanding of TOGAF methodology would be beneficial, although it is not a requirement.

The role offers excellent benefits: an industry-leading pension scheme, free/discounted travel, 25 days holiday plus much more.

Location: London (hybrid working environment)

CTC Clearance will be required.
