Information Security Manager

Location: Hybrid with travel toNorthampton 1 day per week

Salary:

Hours: 37.5

The Information Security Manager reporting directly to the Head of Information Security will play a vital role in ensuring that we protect our customers data and create a culture of security within the business. This is a new role which has been introduced into the business to help deliver our organisations information security program.

Role and Responsibilities

• Develop and maintain an ISMS in compliance to ISO 27001:2022
• Help manage the certification process for ISO 27001:2022 including all external audits and planning
• Manage internal security audits and assessments
• Develop implement and maintain policies and procedures for information security
• Research emerging security threats and identify vulnerabilities
• Identify and report on information security risks
• Develop a deep understanding of how the Staysure group operates
• Work closely with Risk & Compliance and IT; to ensure that all data is securely protected
• Help develop the training and awareness requirements for the business
• Build and develop relationships with key internal stakeholders aligning to our values and developing a security culture across the business

Essential Skills

• ISO 27001 Lead Implementor/Auditor or at least 2 years of experience supporting an ISO 27001 accredited business
• Good working knowledge of security risk and control frameworks such as ISO 27001 PCI DSS and ITIL
• Proven ability to establish and implement information security policies and procedures
• Understanding of a range of security technologies including firewalls cyber threat intelligence services DLP email security endpoint encryption end point security SIEM vulnerability management web security
• Ability to review security controls assess control maturity and suggest improvements
• Experience of assessing and managing security incidents service improvements and IT security risks
• Understanding of the Data Protection Act 2018 and GDPR
• Knowledge of Disaster Recovery/Business Continuity processes
• Knowledge of cloud technologies
• Good knowledge of business benefits that security technologies and frameworks can bring
• Adept at Stakeholder management
• Strong presentation skills and ability to influence others

Desirable:

• CISSP CISM or CRISC