Information Security Manager

Title: Information Security Manager

Salary: GBP45,000 to GBP55,000

Location: Stockport

Overview

Our client provides IT Managed Services and IT infrastructure solutions to customers across the UK, Europe, and APAC regions. Customers include both private corporations and government organisations. Our IT infrastructure solutions primarily focus on the Dell product range, Cisco networking, Citrix, Microsoft, and our own Cloud platform. They operates a security–first culture which we see as a critical capability to our future success.

As an Information Security Manager you will be responsible for maintaining, enhancing and operating ISMS(Information Security Management System) and developing and reinforcing our security first culture. Working alongside the director of security you will focus on policy implementation, user training, security awareness and auditing.

The role requires excellent documentation, auditing, and risk management skills, you must be organised and thorough in your approach. You will be expected to present new security risks to the board and make sure these are managed throughout their life cycle until they are remediated or mitigated. You will be responsible for maintaining our ISMS audit schedule and making sure these tasks are conducted in a timely manner. This includes coverage of key partners and suppliers to ensure security alignment across the supply chain.

What Success Looks Like:

• Maintain our ISO27001 certification and the ISMS.
• Help to maintain their Cyber Essentials plus certification.
• Increase the current ISO27001 scope to include all data centre sites, Cloud, and other developments that come along from time to time.
• Keep up to date with the latest security threats and help mitigate these.
• Operate an effective security risk management process that identifies risks ahead of them occurring and puts in place effective risk mitigations where appropriate.
• Maintain a continuous improvement approach to improve our security capability.
• Maintain company–wide security awareness amongst our people.
• Train and develop our peoples understanding of security, our security systems to keep our people understanding of security current.
• Reduce the number of Security Incidents through risk management and keeping personal knowledge up to date on emerging trends and threats.

Key Responsibilities

• Maintain our Information Security and compliance framework(ISO27001): Create and implement policies, procedures, and guidelines to establish an effective Information Security and compliance program aligned with industry standards and regulations.
• Complete routine IT security reviews and liaise with relevant staff members to help maintain our ISMS IT objectives.
• Work with relevant teams to ensure our internal KPI's for security related operations are within the accepted targets and SLAs.
• Support our teams who are supporting our Customers to enhance their security capabilities.
• Help to complete customer security compliance audits, assessments, and questionnaires in relation to security policies and procedures and the services we supply to these customers. For clarity, this role is not responsible for delivering consultancy to our customers.
• Ensure regulatory compliance: Stay up to date with relevant laws, regulations, and industry standards (such as GDPR, ISO27001, Cyber Essentials, etc.) and ensure our organisation's compliance. Monitor changes in regulations and update policies and procedures accordingly.
• Conduct risk assessments: Identify and assess potential security risks and vulnerabilities, both internally and externally, and develop strategies to mitigate and manage them effectively. Perform regular risk assessments and maintain risk registers.

Skills & Experience

Essential

• Experience maintaining an ISO27001 information management system
• Prior experience in assessing and managing Information Security risks
• Experience giving presentations to management–level audience
• Experience of at least 3 years in an Information Security role
• Strong ability to convey complex information risk and security issues in a manner that is easily understood and actionable and constructively challenges prevailing thoughts and processes
• Exceptional knowledge of the Cyber Security Industry and providers
• A passion for Information Security

Desirable

• ISO27001 Lead Auditor/Implementer experience
• CISSP/CISM/CRISK/ISSMP/CISMA/ NIST/
• Experience of managing Cyber Essentials and Cyber Essentials plus certification requirements
• Strong evidence of continued personal and professional development

Colleague Benefits

• 25 days paid leave + Bank Holidays
• Contributory Pension Scheme, tiered contributions rising to 7% with length of service
• Tailored personal development plans and career journey planning
• Fully/Partially Funded training
• Free parking (if office based)
• Laptop & company mobile phone

If you believe you are suitable for this job or know someone who is, please reply to this advertisement with a copy of your CV and all other relevant information.

In Technology Group Ltd is acting as an Employment Agency in relation to this vacancy.