The Information Security Manager (ISM) will be accountable for overseeing the compliance with ISO27001, Cyber Essentials, and GDPR, as well as conducting a continuous information security risk assessment program. The ISM will also take the lead on initiating and managing information governance initiatives.
the ISM will maintain an ongoing partnership with the IT team, offering advice and consultation on the information security implications of any software and hardware implementations, changes, and upgrades. The ISM will also contribute to the drafting and implementation of information security policies, monitor compliance, participate in assessing cyber security risks and mitigation efforts, and lend support to the firm's cyber security and information security incident response plans.
Key responsibilities:
- Advising and assisting the firm on all aspects of the development and implementation of information security strategies and initiatives, including the selection and implementation of security technologies.
- Managing all aspects of the firm's ISO27001 ISMS programme, including chairing the Information Security Committee.
- Aligning information security and data protection policies with business operations and strategies, ensuring compliance with ISO27001 and applicable legal and regulatory requirements.
- Managing security audits (internal, external and client driven), ensuring effective and timely remediation actions and risk mitigation.
- Advising key stakeholders on the implementation of new processes and modification of existing processes from an information security/ privacy by design perspective.
- Development of its BC/DR programme to ensure robust information and data security is maintained.
What you’ll bring:
- Strong leadership in driving security initiatives across all departments.
- In-depth knowledge of data protection legislation.
- Expertise in information and cyber security controls, particularly ISO27001 and Cyber Essentials Plus, and comprehension of technical IT concepts.
- Industry certifications such as CISSP or CISM are highly desirable.