£65K/yr to £75K/yr
Leeds, England
Permanent, Variable

Information Security Manager

Posted by Nigel Wright Group.

The Opportunity

A professional services firm is seeking to recruit an experienced Information Security Manager to be responsible for managing the firm's ISO27001, Cyber Essentials and GDPR compliance programmes and for running an on-going information security risk assessment programme. Working with the wider firm, the Information Security Manager will deliver a commercial, pragmatic, effective and risk-based approach to activities that provide appropriate access to, and protect the confidentiality, availability and integrity of, client, employee and corporate information. In addition, you will work with the firm's IT team on an on-going basis, providing advice and consultancy on the information security implications of any system upgrades. You will also advise on the drafting and embedding of information security policies and the monitoring of compliance, and will assist with the assessment of cyber security risks, with mitigation initiatives, and with the firm's cyber security and information security incident response plans.

The firm operates a hybrid working policy where you will work 2 days per week from the office.

Unfortunately our client is unable to sponsor visas.

The Role

Reporting to the Director of Risk & Compliance, in this stand-alone role, you will be responsible for:

  • Advising and assisting the firm on all aspects of the development and implementation of information security strategies and initiatives, including the selection and implementation of security technologies.
  • Collaborating with key stakeholders and colleagues to ensure regulatory obligations and information security risks are managed effectively, particularly in areas of innovation and data usage.
  • Advising and assisting on information security related aspects of projects put forward for implementation by the firm.
  • Managing all aspects of the firm's ISO27001 ISMS programme, including chairing the Information Security Committee.
  • Responsible for on-going compliance with data protection legislation including UK GDPR in conjunction with key stakeholders, including responding to DSARs, drafting DPIAs and data mapping/RoPA exercises.
  • Aligning information security and data protection policies with business operations and strategies, ensuring compliance with ISO27001 and applicable legal and regulatory requirements.
  • Providing expert guidance and developing training and awareness programs to enhance information security awareness across the firm.
  • Conducting risk assessments related to information security and data protection and reporting findings to key stakeholders.
  • Managing security audits (internal, external and client driven), ensuring effective and timely remediation actions and risk mitigation.
  • Assessing and managing client requirements and supplier/third party risk by conducting security and data protection assessments of third party providers.
  • Leading on incident and breach management related to information security, including escalation, mitigation, and reporting.
  • Advising and assisting the firm and its key stakeholders on the implementation of new processes and modification of existing processes from an information security/ privacy by design perspective.
  • Advising and assisting with the firm's annual cyber insurance renewal ensuring appropriate coverage and compliance is maintained.
  • Advising and assisting the firm's development of its BC/DR programme to ensure robust information and data security is maintained. Member of the BC team.
  • Proactively advising on, and keeping up to date with, current and emerging security threats, technologies and legislative changes.

Occasional travel to other offices will be required.

The Person

As an experienced Information Security Manager, you will possess:

  • Strong leadership in driving security initiatives within a firmwide context.
  • Expertise in information and cyber security controls, particularly ISO27001 and Cyber Essentials Plus, and comprehension of technical IT concepts.
  • Robust understanding of technical and organisational security controls, with a keen ability to evaluate and mitigate risks.
  • In-depth knowledge of data protection legislation (Data Protection Act 2018, UK and EU GDPR).

Industry certifications such as CISSP or CISM are beneficial though not essential. Most importantly though, you will have:

  • Exceptional communication skills, with the ability to convey technical issues clearly to diverse audiences.
  • Strong relationship-building skills.
  • Excellent problem-solving and decision-making skills.
  • A proven ability to work both as part of a team and individually with a flexible "can-do" attitude.