Richmond, United Kingdom
Great opportunity for an Information Security Manager to work for a global end-user organisation that is a market leader in its field.
On offer is the chance to join a small but specialist team in a brand new role.
Key deliverables will be:
- Contributing to Information Security strategy.
- Track security status with information security policies, practices, and standards, through continuous monitoring and consulting.
- Managing a programme of continuous internal and 3rd party security assessments.
- Works with internal and external stakeholders to improve processes, mitigate risks, and remediate vulnerabilities.
- Ensure Business Unit compliance wDR Minimum Mandatory Requirements.
- Supporting all areas of the risk, security and compliance portfolio, including security awareness, PCI compliance, conducting security research, compiling compliance reports, communicating with stakeholders, and collaborating with the IT operations teams.
- Supports security processes by reviewing scans of all critical assets and follow-up on all reported critical/high vulnerabilities.
- Ensure all results of all tests and all audits are followed up and monitored.
- Implement Industry best practice and update existing Standards and Security Design documentation used by the Organisation.
- Provides consulting services to business asset owners on information security topics as directed and with support from more senior team members.
- Provide effective education and awareness training to promote the secure use of Information Technology capabilities.
- Support the implementation of ISO 27001 controls and General Data Protection Regulations.
- Understand the relevant Legislation and Regulations regarding the use of Information Technology and the Protection of Data and ensure that business processes comply with all such relevant legislation.
- A flexible outlook may be required when dealing with Investigations or Incidents out of hours.
- Have involvement with all Information Security functions including Projects, SOC and Security Testing to ensure Policies, Standards and Awareness initiatives support their requirements and processes.
Key skills needed are:
- CISM/CISSP or equivalent
- PCI-DSS, ISO27001, access controls, web application security, data classification and handling, 3rd party security, and cryptographic techniques
- Good knowledge of Sarbanes-Oxley COBIT areas and controls (cSOX)
- Three to five years working in a security related role in a medium to large organisation
- Security Compliance Reviews, security incident response, delivery of security training/awareness programmes; security access reviews
- Proactive, good communication skills across all levels in an organisation, able to work autonomously, able to deliver results through others, pragmatic, high levels of initiative, innovative
Please send your CV ASAP for this excellent opportunity with imminent interview slots.