Reporting to the Head of Risk and Compliance, the Information Security Manager will be responsible for owning and maintaining S-RM’s information security risk management programme.
A new position within the Risk and Compliance team, the Information Security Manager will advise and support the integration of information security management into S-RM’s existing risk and compliance framework.
MAIN DUTIES AND RESPONSIBILITIES
The main duties and responsibilities of the Information Security Manager will include:
- Be the primary point of contact for information security matters across S-RM’s global offices.
- Own and maintain S-RM’s information security policy along with accompanying procedures, guidance and other relevant documentation.
- Conduct security risk assessments of the company’s information assets and use these to inform the continuous improvement of the information security control library.
- Work with relevant stakeholders to continuously identify opportunities for improvement in S-RM’s information security posture.
- Manage the company’s vulnerability assessment process.
- Work closely with the Head of IT to develop a prioritised, risk-based information security plan that informs and supports IT strategy.
- Review all IT initiatives and provide information security oversight, including advising on appropriate mitigation control measures and the implementation of these.
- Maintain an information security risk register that is updated at planned intervals (at least monthly) and presented at monthly information security committees.
- Provide a summary from information security committees to be presented by the Head of Risk and Compliance at Risk Committee.
- Ensure that senior stakeholders have appropriate visibility as to their information security risk posture.
- Continually build and develop relationships with key members of S-RM’s Cyber Security business unit to understand current threats and trends and take advantage of in-house expertise and skill sets.
- Champion information security best practice across the business and work alongside other departments and business units to ensure that all staff are aware of their obligations with regards to information and cyber security.
- Manage the company’s cyber awareness training programme.
- Manage and maintain close oversight on all information and cyber security related incidents.
- Play a lead role in running incident response tabletop exercises with the IT team.
- Investigate suspected and actual security incidents with a view to providing assurance that risks and impacts have been handled effectively and ensuring that any remedial action is taken.
- Ensure that information security policies and procedures adhere to relevant legislation and are approved at appropriate levels within the company.
- Manage all outgoing and incoming vendor risk assessment requirements and coordinate responses accordingly.
- Own the information security aspect of the application approval process across the company.
- Advise on best practice for patch management and hardware imaging processes.
The role will be based in our London office but may involve some travel to international offices depending on business requirements.
SKILLS, QUALIFICATIONS & EXPERIENCE
The qualifications and experience required to perform this role successfully are:
- 3 – 5 years’ experience in an information or cyber security role.
- Strong infrastructure background, ideally having held an architect role with either a Windows or network specialty.
- Extensive knowledge of Windows server, Office 365 and network security.
- Good working knowledge of industry standards including ISO 27001.
- General knowledge of applicable data privacy practices and laws – specifically GDPR – is highly desirable.
- Strong technical information security skills, which may include recognised security accreditations (e.g. CISSP, CISM).
- Strong understanding of security technologies and best practices.
- Proven experience project managing within an IT transformation environment.
- Experience of working across data/information risk, compliance, governance and audit is highly desirable.
- Proven experience of producing high quality deliverables working alone and as part of a team.
The individual will need to have the following key personal skills and attributes to perform successfully in this role:
- Strong analytical and risk analysis skills.
- Excellent communication skills – both verbal and written – to be able to build relationships and influence key internal and external stakeholders.
- Ability to explain information security risks in business terms.
- Highly motivated and results-driven.
- Experience of working in a fast-paced environment.
The successful candidate must have permission to work in the UK by the start of their employment.