Information Security Manager

Employer Active

1 Vacancy
The job posting is outdated and position may be filled

Job Location

London - UK

Monthly Salary

Not Disclosed

Vacancy

1 Vacancy

Job Description

Req ID : 1932994

The Information Security Manager role:

AlphaSights is looking for a proactive and driven individual to join the IT Engineering We are a digital business in which having a robust security posture with regards to all of our IT assets is paramount - continuous uptime and a smooth, secure technology experience is central to our The role of the Information Security Manager therefore represents a visible and valued opportunity for the right candidate to have an immediate impact globally

From day one, you will be responsible for defining and embedding best practice information security policies, standards and processes based on ISO 27001, NIST Cyber Security Framework (CSF), Cyber Essentials Plus and SOC You must maintain a positive mindset, and approach your work and the company's IT environments with a real sense of You also need to have a proactive responsibility to assist in the delivery of secure systems and implement proportionate controls by working with the business, IT teams and 3rd party This role will be hands-on; enabling technical teams to make security decisions and provide advice and guidance, ensuring the effective use of common tools and You will proactively identify anti-patterns to a good security posture and ensure that any issues are remediated in a timely

The IT Engineering team is a fast-growing, motivated group, which allows for a high growth potential and opportunities to distinguish We are looking for a team member who has already established themselves within the information security community, keen to develop themselves in a hyper growth business, by bringing valuable industry experience and perspectives to bear on our department as we continue to A successful hire in this position will represent an effective coach and role model within the team, and will be looking to specialise even further in the information security

Core responsibilities:

  • Implement SOC 2/ISO 27001 framework and Information Security Management System (ISMS).
  • Develop and publish a complete set of corporate Information Security policies and standards and continually monitor the information security controls, KRIs/KPIs and technical landscape of the firm's
  • Lead on compliance reviews, responses to diligence questionnaires, certifications, accreditations (ISO27001, Cyber Essentials, GDPR, SOC 2).
  • Implement effective and appropriate GRC controls and measures to protect systems and
  • Identify, communicate and manage current and emerging security threats with relevant
  • Develop information security compliance frameworks, security policies and procedures, where
  • Work with business, internal IT and 3rd party vendor teams to promote and adopt security best
  • Validate IT infrastructure and other reference architectures for security best practices and recommend changes to enhance security and reduce risks, where
  • Work with Security partners, Managed Security Service Provider (MSSP) to conduct and review regular security assessments (pen tests, vulnerability scans, red v blue etc) of our own infrastructure and that of vendor solutions (SaaS, IaaS providers and MSSP).
  • Promote security awareness by developing and implementing a training Respond to security enquiries from staff and provide security advice as
  • Investigate suspected and actual security incidents in accordance with the security incident management standard, produce reports with recommendations and ensure any remedial action is
  • Understand the impact of emerging security trends, risks, new guidance or standards (internal and external) and security enhancing
  • Facilitate information security governance through the implementation of a hierarchical governance program, including the formation of an information security steering committee or advisory
  • Create and promote a security champions user group globally to ensure that the firm is protecting itself in all aspects of

Requirements:

  • You've successfully accomplished the accreditation (or renewal) of a security framework for your
  • Comprehensive understanding of Information Security Frameworks (ISO 27001, NIST, SOC 2, and Cyber Essentials) and Data Protection including
  • You've ensured that your organisation has completed a penetration/vulnerability test and/or you've instigated a red team v blue team scenario to ensure your controls are You've also remediated any
  • Monitoring and reporting on compliance with security and data protection policies, as well as the enforcement of You're happy to roll up your sleeves and actually do the work - presenting to senior stakeholders and obtaining buy-in for global security
  • Working knowledge of Security Architecture and potential security issues related to PaaS, IaaS, SaaS and understanding of IAM, and Data Loss Prevention in a cloud first
  • Knowledge of security technologies such as IDS/IPS; you understand the value of vulnerability scanning and have used EDR/XDR tools
  • You've implemented and chaired an IT Risk Steering
  • You've represented your firm by helping to answer questions posed in due diligence

Attributes we're looking for:

  • Degree qualified and/or MSc Information Security
  • 10+ years in IT with at least 3+ years in a senior Cyber Security
  • CISSP, CSSP, CISM, Cybersecurity or similar
  • ISO 27001 Lead Implementer or Lead Auditor
  • Ability to present security topics to a non-technical audience and presenting the business value of security; managing the IT risk register of the
  • Results-oriented, user-focused mindset
  • Excellent communication skills
  • Naturally positive attitude, with the ability to maintain patience and composure under pressure
  • Ability to lead and deliver change and contribute to culture change successfully

Please note this is mainly an office based

AlphaSights is an equal opportunity Read more about our commitment to DEI

Employment Type

Full Time
