Reporting to the Head of Risk and Compliance, the Information Security Manager will be responsible for the development and maintenance of S-RM’s information security risk management system(s), including the integration of information security management into S-RM’s existing risk and compliance framework.
MAIN DUTIES AND RESPONSIBILITIES
The main duties and responsibilities of the Information Security Manager will include:
- Be the primary point of contact for information security matters across S-RM’s global offices.
- Champion information security best practice across the business and work alongside other departments and business units to ensure that all staff are aware of their obligations with regard to information and cyber security.
- Manage the company’s cyber awareness training programme, including online training and phishing campaigns.
- Work closely with the Head of IT to develop a prioritised, risk-based information security roadmap that informs and supports IT strategy.
- Maintain S-RM’s information security policy along with accompanying procedures, guidance and other relevant documentation.
- Manage the company’s data protection programme including data mapping, training, data privacy impact assessments (DPIAs) and ICO registrations.
- Manage the company’s information security risk management process, in line with industry best practice.
- Maintain an information security risk register that is updated at planned intervals and presented at monthly information security committees.
- Make recommendations for appropriate mitigation control measures and work with relevant stakeholders to continuously identify opportunities for improvement in S-RM’s information security management system(s).
- Review IT project plans and provide information security oversight, including advising on appropriate security control measures.
- Build and develop relationships with key members of S-RM’s Cyber Security business unit to understand current threats and trends and take advantage of in-house expertise and skill sets.
- Play a lead role as a core member of S-RM’s Incident Response Team, maintaining oversight of all information and cyber security related incidents.
- Provide assurance post-incident that risks and impacts have been handled effectively and ensure that any required remedial action is taken.
- Manage and coordinate the running of incident response tabletop exercises with the IT team.
- Work with S-RM’s IT team to develop streamlined processes for the management of outgoing and incoming vendor assessments, application approval, patch management and hardware imaging.
The role will be based in our London office but may involve some travel to international offices depending on business requirements.
SKILLS, QUALIFICATIONS & EXPERIENCE
The following qualifications and experience are essential requirements:
- 3 – 5 years’ experience in an information or cyber security role.
- Strong IT knowledge and experience.
- Extensive knowledge of Windows server, Office 365 and network security.
- Previous experience of working with industry best practice standards including ISO 27001.
- Good working knowledge of the General Data Protection Regulation (GDPR) and how it applies to IT operations.
- Strong technical information security skills, which may include recognised security accreditations (e.g. CISSP, CISM).
- Strong understanding of security technologies and best practices.
- Proven experience project managing within an IT transformation environment.
- Experience of internal auditing.
The individual will need to have the following key personal skills and attributes to perform successfully in this role:
- Strong analytical and risk analysis skills.
- Ability to work independently and as part of a team.
- Excellent written and verbal communication skills.
- Ability to build relationships and influence key internal and external stakeholders.
- Ability to explain information security risks in business terms.
- Highly motivated and results driven.
- Experience of working in a fast-paced environment.
The successful candidate must have permission to work in the UK by the start of their employment.