Information Security Manager

Job Title: Information Security Manager

Location: West Sussex – Fully Remote

Salary: £75,000 – £80,000 + benefits

Are you an experienced Information Security Manager with a strong technical security background and a strong GRC focus? If so, this could be the ideal opportunity for you. My client, a specialist financial services business with an excellent reputation, is currently investing within their Information/Cyber Security team. As part of this investment, they are looking to hire a Technical Information Security Manager to join the team.

Reporting into the Group Head of Information Security you will work as part of their Information Security governance and oversight team. This technically focused role includes delivering their Information Security services (such as consultancy, assurance reviews and risk management) and providing governance and oversight across the business to effectively manage Information Security and Cyber risk. The role will suit someone with a strong technical security knowledge who also has a strong focus towards governance, risk and compliance.

Key responsibilities

• You’ll play a key part in the implementation and maintenance of established control frameworks such as ISO27001 and PCI-DSS and other relevant security frameworks, including the creation of policies standards and other documentation.
• You’ll lead the governance, oversight and assurance on technical security controls and technical design on both new and existing solutions in the network and application portfolio.
• You’ll act as an Information Security consultant to the rest of the business and represent Information Security in key forums, e.g. Project teams, Technical Design Authority, Agile Scrum teams, to ensure that technical security standards are met and adhered to.
• You’ll work with stakeholders to ensure that technical security patterns, standards and sub-standards are developed and maintained.
• You’ll lead and further develop and mature their extensive Pen testing & other testing programmes.
• You’ll undertake assurance reviews and assessments, including 3rd Parties, new technical solutions and processes and produce relevant recommendations and reporting.
• You’ll understand the business and information risk context, proactively work with teams to develop architectures and countermeasures which mitigate risks to an acceptable level.
• You’ll perform information security risk assessments for change, processes and new solutions, etc, producing recommendations and reporting. Contribute to the running of the Information Security risk processes.
• Ongoing identification of emerging security threats through regular engagement with control and risk owners, coupled with external security trends, horizon scanning and analysis.
• You’ll contribute to and deliver appropriate security awareness activities and promote good security practice in order to improve Security culture across the business.

Skills and Experience required

• Proven background within a similar Technical Information Security Manager position.
• Extensive Information & IT Cyber Security experience.
• Experience of maturing extensive Pen test & other testing programmes.
• Proficiency in technical security controls and frameworks, including experience and proficiency in cloud security.
• Experience and expertise in Azure environment security, vulnerability management and associated processes.
• Detailed knowledge of Information Security frameworks and standards, in particular PCI-DSS and ISO27001.
• Proven track record of undertaking control assurance reviews against best practice standards and identifying gaps.
• Suitable qualifications, e.g. CRISC, CISM, CISSP
• Excellent communication and interpersonal skills, both verbal and written.
• Excellent stakeholder management skills.
• Excellent analytical skills
• Excellent organisational skills.

For more information or to apply please send a copy of your CV to [email protected]