One of Global Online's legacy clients is now looking for an experienced Information Security Manager to join its talented and growing Technology team. You will be working closely with the CTO, business leadership, and senior stakeholders, and you will be responsible for the end-to-end design of a new ISMS and IS policy framework (including the ISMS creation, documentation, validation, and management) to support the continuous evolution of our information security related capabilities, processes and supporting technologies.
Ideally, you will be able to demonstrate an in-depth understanding of applicable information security, compliance and regulatory requirements and standards (e.g. UK GDPR, PECR and DPA, ISO27001:2013, ISO27002, Cyber Essentials, and US equivalents) and have led an organisation through the process of ISO27001:2013 certification.
- Working with function heads within the Technology team, across the business and with external partners to ensure compliance of all IS controls and processes.
- Ensuring that all processes within the Technology team are compliant with current UK regulations and obligations (e.g. UK GDPR, PECR, DPA, PCI-DSS) and other relevant information security standards (including US alignment where applicable).
- Developing an Information Security Management System (ISMS) which meets applicable requirements of the ISO 27002 standard and is ready for ISO 27001:2013 certification.
- Maintaining IS controls, standards, and procedures according to industry good practice (including risk assessments, audit, registers, corrective actions, and remediation).
- Providing first-party incident mitigation, response, and remediation, including threat and vulnerability analysis.
- Verifying that all validation activities for products developed in-house (and via third parties) and any SaaS systems used meet our client and industry compliance and regulation requirements and expectations.
- Representing the Technology organisation and providing support to the wider business when meeting client and candidate IS information requests.
- Supporting the timely and complete response to client questionnaires/audits as requested of the Technology team.
- Promoting a culture of “security by design” to all employees and partners, and the presentation of periodic IS risk reports to the management team to improve security awareness.
- Maintaining and monitoring up-to-date knowledge of ISO standards, security threats, countermeasures, and assistive technologies.
- Experienced Compliance Manager, or able to demonstrate experience in a similar role (preferably with industry certification and awareness of cloud and on-premises IT).
- Able to demonstrate an in-depth understanding of applicable information security, compliance and regulatory requirements and standards (e.g. UK GDPR, PECR and DPA, ISO27001:2013, ISO27002, Cyber Essentials, and US equivalents).
- Experience leading an organisation through the process of ISO27001:2013 certification.
- Excellent verbal and written communication skills, with the ability to describe technical/security issues and their solutions to a non-technical audience.
- Be self-motivated, inquisitive, analytical, calm but enthusiastic, and always be looking to provide solutions and improvement opportunities.
- Be comfortable working on and prioritising own initiatives and collaborating internally and externally as part of a team.
- Excellent basic salary with generous bonus scheme
- 25 days annual leave, plus additional days for length of service and your birthday!
- Regular team incentives and social events, including annual Christmas and Summer parties
- Discounts with major cinemas and retailers, family days out, and much more
- Life Insurance and Company Pension
- Employee Assistance Programme (Mental Health & Well-being support)
- Great culture and work environment