Email me jobs like this

Information Security Manager

£80,000.00 - £85,000.00 yearly
  • Context Recruitment Ltd
  • London, London
  • 12/02/2019
Full time Information Technology

Job Description

Information Security Manager

Exciting role working with a public facing, multi-national, multi-£bn turnover organisation based in Central London. You'll help with the provision of IS assurance, joining a new team in the very early stages of implementing a group-wide Information Security Strategy.

Practical experience of evaluating the effectiveness of tech controls or implementing the technology itself is required.

The group-structured organisation is going through a period of growth and is in the midst of a large-scale IT and digital transformation piece, the result of which is a requirement for a renewed focus on the management of risk in relation to IS, BC and compliance.

The position reports directly to the Head of Information Security. You'll work with stakeholders across the Group to ensure the business has adequate controls and compliance in place to manage risk. You'll be involved in the design, review and implementation of a range of technical security policies, frameworks and standards, to support and demonstrate an auditable governance framework and appropriate risk management controls.

This will include the provision of technical assurance, security testing, vulnerability scanning and provide input on technical vulnerabilities and necessary controls to manage risk.

The role will need to support the Head Technical Security and assist in influencing across the organisation at various levels. Occasional travel may be required within the UK and Europe. There is scope to work from home on occasion (up to once a week).

What you'll do:

  • Participate in the review, implementation, and maintenance of the Group's IS Technical Policy, Frameworks and Standards.
  • Participate and support the Change Management and Service transitions activities.
  • Ensure Security and Privacy by design across the Group's architecture and technical security requirements.
  • Build strong relationships within the business technology functions and across the technology organisation to develop the organisations understanding of IT security related services.
  • Work with infrastructure delivery teams to develop technical standards that implement the technical controls to enforce the organisations IS Technical Policy.
  • Work with business IT functions to coordinate remediation activities and work in partnership to implement technical controls that reduce risk across the group.
  • Participate in the Architecture Review Board, delivering appropriate and consistent security architecture consultancy services to both Group projects as well as business unit undertakings.
  • Working with the Technical Architecture Team ensuring scope for pen-testing and vulnerability testing is suitable and that all designs, including technical security and digital privacy suitable for a secured technical service delivery.
  • Support the IT Security elements of the organisations' move towards cloud-based solutions.
  • Support the drive for deployment of a Security Operations Centre (SOC).
  • Develop business understanding of technical security and technical compliance to regulatory requirements.

What you'll need:

  • Experience in design, implementation and operation of large-scale security strategy, architecture solutions, risk management and compliance in a large and complex multi-supplier / multi-platform environment.
  • Knowledge and understanding of securing cloud technologies and technical security architectural experience.
  • Knowledge of all areas of IT Security, including: cyber security for digital technologies, identity and access management, authentication and single sign-on, authorisation, logging and monitoring, audit, secure communications and cryptographic services, network protection, hosting and cloud, vulnerability management, platform security and systems development lifecycle.
  • One or more Information Security Certifications (e.g. CISSP, CISM, CCSP. SCCP. ISO27001 auditor) are required.
  • A strong balance of business acumen and technical knowledge.
  • Strong ability to build and maintain stakeholder relationships acting as a business partner and enabler whilst engendering a culture of risk awareness and control.