Information Security Manager

  • Salary: Negotiable
  • Job type: Contract
  • Location: Nottingham, Nottinghamshire
  • Sector: Risk & Compliance
  • Date posted: 28/02/2017
  • Job reference: J362654A
This vacancy has now expired.

Our client, a leading Utilities organisation, is looking for an Information Security Manager to join their team.

This is a contract position based in Nottingham running initially until the end of 2017.

The Role:

The Business IT UK Security Manager will ensure that the Business IT UK functional organisation is compliant with its regulatory and internal policy requirements relating to information security.

Key Responsibilities:

  • Tracking and managing the compliance level of Business IT UK services against the required compliance frameworks
  • Ensuring that all documentation required to evidence compliance is up to date and readily available (including gathering evidence from outsource providers)
  • Providing a key role in security compliance audits
  • Tracking and managing the resolution of any compliance issues identified in a security compliance audit.
  • Coordinating technical security assessments (penetration tests) and regular vulnerability scans of IT environments with high protection requirements.
  • Tracking and managing the resolution of any vulnerabilities identified in technical security assessments.
  • Providing reporting/MI on compliance activities to various senior stakeholders.
  • Ensuring compliance training within Business IT UK is completed and monitoring its effectiveness, adjusting as necessary
  • Performing threat, vulnerability and risk assessments against concepts, designs and providers in accordance with ISO27005.
  • Working with risk owners to identify treatment options to manage information security risk.
  • Reviewing and updating risk assessments and registers on a periodic and as-required basis, supporting the risk owner.
  • Supporting the development and review of the security architectures and the high- and low-level designs that represent systems. (These will be produced by the relevant designers and architects.)

Skills Required:

Essential:

  • Experience of operating within a highly regulated/controlled IT organisation and environment
  • Tracking and managing compliance to various frameworks
  • Ability to assess information security risk and identify treatments to manage these to an acceptable level in compliance with ISO27005
  • Proven ability to work with business and technical analysts in defining security requirements and processes
  • Experience with ITIL-based service operations and ITIL certified
  • Experience of working within and supporting an ISO27001-compliant ISMS
  • Experience of preparing for and supporting externally driven security-relevant audits (e.g. ISO27001 certification audits, ISAE SOC I/II, PCI-DSS)
  • Must demonstrate an aptitude for understanding and communicating both business & technical risk

Desirable:

  • Working with outsourced IT infrastructure providers
  • Experience of working with colleagues based internationally with different working environments and cultures
  • Experience with application security and implementing security into software development lifecycles (SSDL)
  • Experience of scoping and managing the output of technical security assessments
  • Excellent stakeholder management skills, including interacting and communicating effectively with senior-level executives

Interested candidates should submit their CV in the first instance. For more information please contact Gemma Grayson on 0161 924 3949.