Information Security Manager Technical

Location: Hybrid with travel to Northampton 1 day per week

Salary:

Hours: 37.5

The Information Security Manager reporting directly to the Head of Information Security will play a vital role in ensuring that we protect our information systems and networks from security breaches and cyber threats. This is a new role which has been introduced into the business to help deliver our organisations information security program.

Role and Responsibilities

• Responsible for managing all technical controls to ensure compliance to ISO 27001:2022
• Coordinate and manage Pen Testing for the business
• Help manage audits assessments and testing from a technical security perspective
• Develop implement and maintain policies procedures and standards for information security
• Threat intelligence ensure that the business is made aware of potential threats and remediation is completed
• Monitoring analyse potential threats and vulnerabilities and ensure processes are in place to manage any incidents
• Incident management develop procedures and ensure they are tested
• Review tools and technology in use and suggest improvements
• Management of Information Security Analysts
• Identify and report on information security risks
• Develop a deep understanding of how the Staysure group operates
• Build and develop relationships with key internal stakeholders aligning to our values and developing a security culture across the business

Essential Skills

• ISO 27001 Lead Implementor/Auditor or at least 3 years of experience supporting an ISO 27001 accredited business
• Good working knowledge of security risk and control frameworks such as ISO 27001 PCI DSS and ITIL
• Proven ability to establish and implement information security policies and procedures
• Deep understanding and knowledge of security technologies available
• Ability to review security controls assess control maturity and suggest improvements
• Experience of assessing and managing security incidents service improvements and IT security risks
• Understanding of the benefits and risks of using AI
• Knowledge of the Data Protection Act 2018 and GDPR
• Understanding of Disaster Recovery/Business Continuity processes
• Knowledge of cloud technologies
• Adept at Stakeholder management
• Strong presentation skills and ability to influence others

Desirable:

• CISSP CISM or CRISC
• ITIL