Information Security Manager

Location: Berkshire
Job Type: Permanent
Salary: Competitive Salary

ROLE PURPOSE

The purpose of the role is to ensure that information security is given the correct priority and focus within the business while maintaining compliance with ISO27001.

The role will be responsible for gathering information necessary to maintain security and ensure ongoing suitability of all information security measures. The role will assess the impact of business changes, system modifications and technological advances, in order to identify potential security weaknesses, recommend improvements to mitigate vulnerabilities, implement changes and document upgrades.

The role operates at all levels of the business, providing visibility, advice, guidance and support to the board, their senior management teams and their business units on information security and business continuity matters.

JOB DESCRIPTION

  • Maintain customer, client and board confidence by ensuring Huntswood's ISO27001 certification is kept up to date and leading Huntswood's continual improvement in the field of information security
  • Establish, drive and embed best practices for information security risk identification and management
  • Daily management of information security operations within Huntswood
  • Keep Huntswood's Board regularly updated on information security incidents and risks faced by the business following Huntswood's risk management framework. Be a source of advice on effective mitigating actions (corrective & preventive)
  • Manage stakeholders at all levels within Huntswood, ensuring strong relationships are built and maintained. Instil confidence across the Huntswood business that information security risks are identified and mitigated
  • Demonstrate and maintain excellent knowledge of ISO27001 controls and best practices
  • Ensure Huntswood's ISMS policies are up to date, regularly reviewed and aligned with business strategy and focus
  • Ensure all relevant Huntswood representatives receive regular information security training
  • Keep up to date with current information security trends and ensure Huntswood's ISMS effectively controls current threats and vulnerabilities faced by the business
  • Use up to date communication methods to provide Information Security awareness and news updates
  • Be the contact point for reported information security incidents and effectively manage them through to their conclusion by ensuring the effective implementation of corrective and preventive actions
  • Be a proactive part of the design and approval teams for new technologies and changes to information systems proposed by business heads to ensure Huntswood's footprint of vulnerability is kept within acceptable levels
  • Provide SME input to commercial activity (i.e. bid/RFP responses) and project/proposition developments
  • Interaction with existing and potential clients to provide assurance of Huntswood's commitment and understanding of information security
  • Carry out internal auditing in areas of security not owned by the information security manager. Liaise with and support Huntswood's internal audit team to ensure auditing is effective and that any nonconformity is corrected in an effective and timely manner
  • Engage with the Huntswood legal team to ensure that information security in both client and supplier contracts is effectively managed
  • Proactively work with the Data Protection Officer to ensure that Huntswood data is adequately protected in line with relevant data protection laws
  • Coordinated management of information security with the Technology Security Team

ESSENTIAL SKILLS

  • Detailed/expert level of understanding of ISO27001:2013
  • Previous experience of implementing and/or managing ISO27001 in a successful business
  • Detailed understanding of risk management
  • Ability to lead, drive and embed revised and new processes, procedures and best practices
  • Ability to work professionally and constructively within a team environment providing advice and consultancy
  • Excellent business communication skills, with the ability to communicate at all levels
  • Detailed level of understanding of data protection and UK's Data Protection regulations
  • Up to date knowledge of current threats and vulnerabilities facing the modern business today with the ability to learn and keep abreast of emerging threats
  • Excellent decision making and problem-solving skills
  • Ability to demonstrate good business acumen
  • Good time management and project management skills
  • Ability and experience in working and communicating effectively with both technical and operational stakeholders in information security and business continuity matters

DESIRABLE SKILLS

  • Information security qualification (ISC)2 CISSP or equivalent
  • Degree in a relevant subject
  • An understanding of PCI DSS
  • Working knowledge of ISO 22301
  • Previous experience of business continuity management
  • Previous experience of the financial services sector and/or outsource service provision

CORE BEHAVIOURS

Huntswood's employees are described as dependable, driven and collaborative to work with. The job holder should be able to demonstrate they are:

  • Confidential, reliable and genuine
  • Dynamic, passionate and determined
  • Friendly, compassionate and cooperative

"It's not just about what we do, but the way we do it. And it's our values that make us special."
