Information Security Manager
- Up to £65k
- Matched pension
- 25 days holiday + Bank holidays
- Christmas Bonus 5-10%
A global family of companies and one of the largest producers and distributors in the world, striving to be the leaders of innovation within the industry. With over 7,000 employees working across 90 countries.
Reporting to the Head of Risk and Information Security, the Information Security Manager has accountability for monitoring and reporting on the compliance of operations to company policies.
The role is responsible for planning, designing, and testing technical and process controls to support and enforce compliance according to best practices, while ensuring high levels of customer service quality and availability.
- Maintain an audit-based continuous improvement program to track and deliver security improvements across all areas of the business
- Work with the Head of Risk and Information Security to maintain the security documents (policies, standards and base guidelines)
- Act as the subject matter expert for Information security within the providing appropriate advice and guidance to colleagues
- Raise the profile of security within the by being proactively involved with colleagues. Provide consultation and/or education as needed
- Monitor and report on compliance with IS policies, as well as the enforcement of policies within the business, through structured audit of the operating model and controls framework to test existing controls
- Recommend and coordinate the implementation of technical controls to support and enforce defined security policies
- Design, co-ordinate and oversee security testing procedures to verify the security of systems, networks and applications, and manage the remediation of identified risks.
- Ensure that the approach to patching remains effective and reduces system vulnerabilities in the most effective and efficient way
- Supervise investigations into problematic activity and provide a structured report on findings, ensuring remediation actions are clearly owned and on the security road map
- Develop a strong working relationship with the group security team to develop and implement controls and configurations aligned with security policies and legal, regulatory and audit requirements.
- Monitor and report on compliance with security policies for access reviews
The following experience, skills and personal characteristics will be key to success in the role:
- A solid understanding of infrastructure management within a global organization
- Experience of design and implementation of security testing procedures.
- Sound understanding of security of systems, networks and applications, and associated risks
- Experience of looking after a multidimensional business agenda of various day-to-day compliance matters
- Experience of establishing credible relationships within IT and Business community with examples of driving risk and security initiatives
- Energy, drive and influence to deliver
- A practical, pragmatic and hands-on approach
- Proven stakeholder management skills
- Able to cope under pressure and manage a wide range of activities
Knowledge & Experience
- Experience with common information security management frameworks, such as International Standards Organization (ISO) 2700x, the IT Infrastructure Library (ITIL) and Control Objectives for Information and Related Technology (COBIT) frameworks
- A strong understanding of the business impact of security tools, technologies and policies.
- Proficiency in performing risk, business impact, control and vulnerability assessments, and in defining treatment strategies.
- Experience in system technology security testing (vulnerability scanning and penetration testing).
- Previous experience of working with legal, audit and compliance teams
- Strong team building, leadership, motivation and communication skills to work effectively
Notes from the meeting with the hiring manager – Head of IS & Risk
There are 170+ people in the offices.
This role sits under 5 senior managers within the Operational Management tier. It's fast-paced as this is a service environment.
Core hours are 8:30-5pm.
This role is paying up to £65k with a 10% bonus; the average payout on bonuses has been between 5-10% for the past 3 years running.
Role deliverables, duties and key skills needed:
You’ll be working within a company who sell their services across a group of 25 companies, so you’ll need strong stakeholder management skills.
They have a security policy review coming up so will want to hear about your experience around that.
Security awareness training is big on their 2018 agenda, so they’ll want to know about any experience you have around writing content and delivering training.
Creation of policy and procedure documents from scratch – they need someone who can rewrite, advise and implement, not someone to follow current guidelines and tick boxes.
They’ll want to know your approach on patch management. They need to patch over 1000 devices so would want a structured answer to how you’d go about doing this.
There is an element of infrastructure and security controls to this role. LAN, WAN & server hardening as well as technical risk assessments.
For a confidential chat and to find out more please do contact Sam Page at identifi Global:
01908 88 60 37