Information Security and Data Privacy Manager
This is a key business partnering role that will see you advise at a senior level on a range of information security and data privacy issues at round table discussions.
You’ll bring in-depth information security knowledge, coupled with an awareness of Data Privacy. Maybe you’re lacking in formal certifications but have significant on-the-job experience. What matters most is your demonstrable ability and knowledge.
Being a technical expert, you’ll combine this expertise with great communication skills, thriving on articulating the complex in simple terms. Someone who enjoys influencing senior stakeholders whilst explaining the whys and wherefores of information security, you’ll understand the need for diplomacy and tact, as well as be confident standing your ground when needed.
This is a chance for someone to really demonstrate their information security knowledge, promoting and implementing ISDP functions as part of wide-reaching strategy across business units of a truly global organisation. You’ll have some operational experience, but be ready for working at a higher level, being a focal point for governance, risk and compliance.
My client offers a fantastic environment, with flexible working around core hours, opportunities to work from home, and a commitment to ethical and progressive.
ABOUT THE BUSINESS
Established for nearly 500-years they have always been home to the inquisitive, the passionate, and the ambitious. They thrive on new ideas and fresh thinking, and offer the opportunity for individuals and teams to make their mark.
They invest heavily in innovations in the development and delivery of world-class content, and engage with academics and educators around the world to find new and better ways to make information accessible. With a presence in more than 50 countries and millions of customers around the world, an idea launched at has global impact.
ABOUT THE ROLE
Reporting to the Chief Information Security and Data Privacy Officer, this management role will provide direction and ownership of information security and data privacy risk management in relation to people, process and technology across the organisation. The job holder will be accountable for implementation of security governance and auditing throughout the organisation.
This post won't feature line management, but will see you operate at a senior level, engaging at high-level round table discussions, providing advice and assurance.
Key accountabilities for this role include:
- Responsible for the implementation of the information security and data privacy strategy and risk management framework to ensure that information assets across the organisation are used, managed and protected in accordance with applicable legislative and regulatory requirements.
- Responsible for the creation and implementation of the Divisional and Group Functions ISDP Roadmaps to address gaps resulting from all current state assessments to support improved security maturity.
- Collaborate with the Chief Information Security and Data Privacy Officer in the development and implementation of appropriate information security and privacy policies, processes and other resources, Ensure all resources meet applicable legislative and regulatory requirements.
- Responsible for raising awareness across the group of the importance of information security and data privacy through the creation and delivery of appropriate training and other awareness initiatives, to ensure the proper implementation of and adherence to the organisations strategy and policies, both by staff and relevant third parties.
- As subject matter expert undertake due diligence and compliance monitoring of relevant third parties to ensure that Company information security and data privacy requirements are complied with.
- As subject matter expert provide relevant information to allow performance against identified objectives to be monitored, measured, and reported on to the Information Security and Data Privacy Steering Committee and other key stakeholders as needed.
- As subject matter expert lead the incident response mechanism to allow the organisation to respond to information security incidents in a timely, proportionate and effective manner and to monitor and report on any such incidents
- Working closely with Divisions, Group Functions and Global Technology, responsible for ensuring that newly acquired or developed assets or technology undergo a business and privacy impact assessment to identify relevant risks to ensure that all relevant information security and data privacy considerations have been taken into account in accordance with company policy.
- Remain informed on information security and privacy laws, trends and issues, including current and emerging technologies, legislation and best practices; advise and educate stakeholders on their relevance and impact, recommending and implementing changes to Company policy and/or practice where appropriate.
Ideally you will be able to clearly demonstrate:
- Very Strong working knowledge of information security standards and best practice such as ISO 27001
- Very Strong Experience of information Security consultancy in a commercial environment
- In-depth knowledge of global technological trends and developments in information security and risk management
- In-depth knowledge of privacy laws and standards, though this is less essential.
- In-depth knowledge of PCI DSS (desirable but by no means essential)
- Professional certification such as CISSP, CISM, CISA or other information security credentials (not essential)
- Strong Communication Skills
- Self-starter approach and the ability to work on own initiative
- Strong influencing and stakeholder management skills
- Ability to build relationships at all levels
- Willingness to travel