This job has expired

Information Security Manager

Employer
Sanderson
Location
England, Surrey
Salary
Negotiable
Closing date
20 Sep 2019

Sector
Security
Job Role
ISO27001
Job Type
Permanent

Information Security Manager

My client, an international software services provider, is actively looking for a new Information Security Manager to drive their capability forward. Within this role you will have a fully blended position where you have responsibility for Information Security (leading them through ISO27001 certification) as well as applications security, ensuring that security is embedded effectively into their product development. This is an extremely dynamic working environment where you will be wholly encouraged to 'speak up' and bring new ideas to the forefront.

Responsibilities will include:

  • Provide guidance to the product development teams in securing the products and services in line with industry standards and contractual obligations.
  • Work extensively with existing and developing customers within the UK to develop secure solutions to meet their requirements.
  • Manage the security testing process.
  • Work with the Global security functions to develop, implement and monitor a strategic, comprehensive enterprise information security programme.
  • Drive the implementation of appropriate security standards e.g. ISO 27001.
  • Direct staff in identifying, developing, implementing, and maintaining security processes, practices, and policies to reduce risks, respond to incidents, and limit exposure and liability in all areas of information, financial, physical, personal, and reputational risk.
  • Review divisional compliance with Global Businesses policies and procedures.
  • Review and approval of all technology investments as they relate to information security.
  • Manage relationships with Security leaders across the global businesses.
  • Support driving the perception change for security from being seen as an inhibitor, to it being seen as a business differentiator.
  • Present at user groups and conferences around Information Security as it relates to products and services.
  • Manage supplier due diligence from a security perspective.

Skills:

  • CISSP / CISM / ISO 27001 LI or equivalent qualification.
  • A technical background that could be (but is not limited to) architecture, development or operations.
  • Understanding of Security Architecture and Frameworks.
  • Knowledge of cloud computing infrastructure (e.g. Microsoft Azure).
  • Good understanding of the technologies used to deliver digital web-based services and in particular, the security controls needed to protect these services and the data that they process and store.
  • Extensive knowledge of Information Security regulatory requirements.
  • Understanding of GDPR/DPA2018.
  • Experience of implementing or working in an ISO27001 environment.
