Information Security Manager

Information Security Manager

My client, a leading retailer based in Oxfordshire are actively looking for a permanent Information Security Manager to join their team. This role will be joining a dynamic, fast paced Greenfield working environment and will offer you the opportunity to work to help build and shape their security capability. Having met with the business yesterday it was evident what a fantastic working culture they have. This is a newly created role and truly exciting time to join them.

The role

• Protect the organisations Information assets to ensure availability, confidentiality and integrity
• Provide Information Security expertise where required across the organisation
• Identify and track new threats and regulatory developments and act upon them to ensure company compliance and protection
• Work closely with other departments to perform audits, tests and conduct security domain assessments against new and existing systems. Act to ensure issues are remediated
• Review and manage risk assessment
• Support data classification and the implementation of appropriate controls
• Develop the training strategy and work with the training department to ensure that the objectives of raising awareness, changing behaviour are met. Ensure that training content is reviewed and updated regularly as necessary
• Maintain and update the portfolio of Information Security policies, standards and processes to ensure they reflect best practice and risk appetite
• Work with operational staff to ensure that incident management processes are effective and ensure compliance with information security policies
• Act as first point of contact for employees and support project teams creating new services and using new suppliers including conducting due diligence and supplier risk assessments
• Provide project management support with ad-hoc projects that have an Information Security aspect
• Oversee the Vulnerability Management, Security Testing and Disaster Recovery processes to ensure efficacy

Requirements

• Educated to degree level or equivalent experience
• Considerable experience in an Information Security related role
• Practical experience of disaster recovery planning and testing
• A security qualification such as CISSP or CISM
• History of handling:
  • standards compliance such as ISO27001
  • regulatory engagement, investigation and audit
  • Information Security policies and data security best practices
  • Incident response
• Experience of implementing strategies, policies and procedures in line with organisational requirements and legislation
• Experience in translating regulatory requirements in to auditable processes
• Practitioner certificate in Data Protection or equivalent desirable
• Experience of negotiating data privacy terms with suppliers and conducting supplier assessment/due diligence