Senior Information Security Manager to £60k DOE + 26% Non Contributory PensionBased Wiltshire with Hybrid Working some UK travel
This is an exceptional opportunity to work for our client a service provider to the UK public sector. They seek a Senior Information Security Manager to lead develop and enhance the Information Security Management System (ISMS), planning activities to ensure the organisation maintains ISO 27001 certification. In this critical role the post holder will provide information security leadership and strategic direction, modelling the organisation’s behaviours and values.
- Interact with all business areas and disciplines to ensure the consistent application of policies and standards across all projects, systems, and services; facilitate risk assessments and risk management processes.
- Partner with stakeholders across the organisation to raise awareness of risk management concerns.
- Monitor changes in legislation and accreditation standards that affect information security and recommend any relevant change requirements to the organisation’s policies, procedures, and ways of working.
- Keep technical skills current in the context of the technical infrastructure deployed across the business, as well as surveying the future technical landscape to advise on the vulnerabilities and countermeasures required to mitigate risks in future technical architectures.
- Ensure an adequate information security education programme is delivered to all employees and contractors.
- Co-ordinate an ongoing security risk analysis and risk management approach.
- Develop a good knowledge of the business to advise and agree with the SIRO the level of risk appetite for the company and to inform accreditation decisions.
- Take responsibility for the information security accreditation process across the whole of the business, including managing a programme of accreditation activity and actions, providing regular assurance reports to the Head of RISC, the SIRO, and appropriate Committees.
- You will have previous experience working in information security with substantial experience in information, risk management, and cyber security.
- A demonstrable record of the practical application of information security, and risk management.
- Extensive experience of leading an Information Security team with a strong understanding of best practice, techniques and technologies and provide opportunities for improvement, identifying and managing risk.
- Professional security management certification e.g., CISSP, CISM, CRISC.
- Solid understanding of ISO 27001 and experience of successful implementation and maintenance this certification.
- Excellent written and verbal communication and presentation skills, and high level of personal integrity.
- Experience with contract and vendor negotiations and management including managed services and engaging with a range of stakeholders to deliver advice and guidance and raise awareness.
- This role requires SC clearance on appointment.
- Experience of shared service and/or customer service delivery, with public sector experience.