Security & Compliance Manager

Overview Our client is the premier provider of Professional Accountancy and Financial Services training in the UK. With numerous training centres throughout the UK supported by over 1000 staff, they are heavily reliant on IT technology and services to help deliver a first class training experience to its customers. As the company continues to invest in securing its information services, an opportunity has arisen for an experienced IT Security Manager to help drive forward the security and compliance initiatives currently underway. The IT Security & Compliance Manager performs two core functions, firstly a technical responsibility to ensure Security & Compliance standards are applied across IT, by working with IT engineering, infrastructure & application teams. Secondly, establishing a Security & Compliance stance through policy and process, internal & external communications and training. An understanding of data protection laws and regulations will help advise the business how to maintain, identify, develop, implement and support effective Compliance. Responsibilities / Duties • Developing and maintaining companywide IT security framework • Assist in driving change to achieve and maintain essential Security and Compliance certifications (ISO27001/2, PCI, Cyber Essentials) • Assist in responding to inquiries regarding data security, policies, and procedures from internal colleagues and external partners, 3rd parties and vendors. • Participate in planning, communicating, testing, and implementation of disaster recovery. • Assist in Business Continuity Planning. • Manage Vulnerability program • Manage Threat detection to form and execute tactical responses using SIEM systems (Alienvault, Logrhythm) • Assist in evaluation of IT security technologies and lead on implementation • Maintain, monitor, evidence and develop IT Security Standards with KPI’s • Manage a Data Project Impact Assessment service • Manage monitor and review compliance controls for SOX, PCI & ISO27001. • Provide expert technical security guidance on IT system and infrastructure landscape. • Manage and improve the companies ISMS by documenting IT Security & Compliance policies, process and procedures • Provide regular IT Security reports to the IT Service Ops Manager and the SMT Essential Experience • Excellent listening, written & oral communications as well as soft skills to discuss, explain, security and compliance policies, processes and deliverables with technical and non-technical colleagues of all levels of seniority. • Completing, discussing, negotiating and agreeing external Security Agreements & Questionnaires with partners, 3rd parties, vendors etc. • Understanding and hands on experience of working in an Information Security Frameworks • Driving a Compliance program to meet external regulatory frameworks (ISO 27001, SOX, PCI DSS) • Understanding of UK and EU data protection laws & regulations (DPA, GDPR) • Driving a Security program to meet internal KPIs (Vulnerability & Patch management, meeting other Security & Compliance KPI’s) • Information Risk Management • Leading Security and Compliance based projects • Technical • SIEM systems • Infrastructure Security and Hardening • Latest threats and vulnerabilities • Cryptographic controls and website security Desirable Experience • Communications with the ICO • Data Loss Prevention tools • Broad technical knowledge of networking, Windows Server and Desktop technologies, WiFi, SAN, VMware • Cloud technologies and security practices • Managing or taking part in an internal or external audit. Personal Attributes and Competencies • A confident people person who can be available or initiate conversations to discuss, answer and listen to colleagues and external parties on Security & Compliance. • Passionate about Data Security & Compliance and keen to promote its relevance • Highly customer focused and supportive to colleagues • Team player comfortable communicating at all levels • Results focused with a strong work ethic • Highly motivated and equally comfortable giving and/or taking direction • Level headed, clear thinker with ability to see the bigger picture • Problem solver with analytical approach to solving complex problems and a determination to see problems through to resolution This job description is a guide to the work the post holder will initially be required to undertake. It may be amended from time to time to meet changing circumstances by mutual agreement