Our client, a leading Utilities organisation, is looking for an Information Security Manager to join their team.
This is a contract position based in Nottingham running initially until the end of 2017.
The Business IT UK Security Manager will ensure that the Business IT UK functional organisation is compliant with its regulatory and internal policy requirements relating to information security.
- Tracking and managing the compliance level of Business IT UK services against the required compliance frameworks
- Ensuring that all documentation required to evidence compliance is up to date and readily available (including gathering evidence from outsource providers)
- Providing a key role in security compliance audits
- Tracking and managing the resolution of any compliance issues identified in a security compliance audit.
- Coordinating technical security assessments (penetration tests) and regular vulnerability scans of IT environments with high protection requirements.
- Tracking and managing the resolution of any vulnerabilities identified in technical security assessments.
- Providing reporting/MI on compliance activities to various senior stakeholders.
- Ensuring compliance training within Business IT UK is completed and monitoring its effectiveness, adjusting as necessary
- Performing threat, vulnerability and risk assessments against concepts, designs and providers in accordance with ISO27005.
- Working with risk owners to identify treatment options to manage information security risk.
- Reviewing and updating risk assessments and registers on a periodic and as-required basis, supporting the risk owner.
- Supporting the development and review of security architectures and the high- and low-level designs that represent systems (these will be produced by the relevant designers and architects).
- Experience of operating within a highly regulated/controlled IT organisation and environment
- Tracking and managing compliance with various frameworks
- Ability to assess information security risk and identify treatments to manage it to an acceptable level in compliance with ISO27005
- Proven ability to work with business and technical analysts in defining security requirements and processes
- Experience with ITIL based service operations and ITIL certified
- Experience with working within and supporting an ISO27001 compliant ISMS
- Experience of preparing for and supporting externally driven security-relevant audits (e.g. ISO27001 certification audits, ISAE SOC I/II, PCI-DSS)
- Must demonstrate an aptitude for understanding and communicating both business and technical risk
- Working with outsourced IT infrastructure providers
- Experience of working with colleagues based internationally with different working environments and cultures
- Experience with application security and implementing security into software development lifecycles (SSDL)
- Experience of scoping and managing the output of technical security assessments
- Excellent stakeholder management skills, including interacting and communicating effectively with senior-level executives
Interested candidates should submit their CV in the first instance. For more information please contact Gemma Grayson on 0161 924 3949.