Information Security Risk & Compliance Manager – Luton – Up to £70k
- £60-70k base
- £5k car allowance or company car
- Private medical cover, with discount for family
- 5% matched pension
- Child care vouchers
- Company Bonus, paid every April. 2-3% of salary
- Salary sacrifice schemes
- Leisure & Product discount schemes
- 25 days holidays + bank holidays
- Free parking at Luton, can also be used when flying from Luton airport for free.
- Extensive Flight discounts for yourself, friends and family
- Life/death insurance
My client is a leading UK-based travel group with core activities in scheduled airline operations, tour operations and aircraft engineering.
We need someone to do a huge gap analysis and drive the remediation forward with the business. This would need to be someone who is used to coming up against red tape and really help to drive it forward, is this is yourself then read on and please do get in touch for a confidential chat and immediate consideration.
This position is a Managerial position and is responsible for ensuring compliance to relevant current PCI DSS and ISO Compliance, Governance and Risk Management standards, relating to all aspects of IT and related processes.
The Successful candidate would;
- Achieve and maintain compliance with the prevailing Payment Card Industry Data Security Standard
- Achieve and maintain compliance with the General Data Protection Regulation (GDPR).
- Drive the adoption and maintenance of all relevant Risk Management practices in line with the 27005.
- Adopt and maintain all relevant Asset Management practices in line with the ISO55000.
- Define a Compliance Strategy
- Analyse data and Report findings
- Establish a Compliance Program
- Implement the Compliance Program
- Maintain the Compliance Program
- Review and Update the Compliance Program
- To identify IS related risks that faces and maintain a register of those risks
- Verify compliance with information security requirements derived from; business functions, legislation, directives, regulations, policies, standards and guidelines.
- Ensure knowledge and control of changes to organizational systems and environments of operation.
- Maintain awareness of threats and vulnerabilities.
- To design and implement controls to protect from identified risks
- To monitor and report on the effectiveness of existing controls in the management of exposure to risks
- Ensure continued effectiveness of all security controls
- To resolve compliance incidents or problems as they occur
- To pro-actively manage root cause of problems to resolution
- Create and Maintain an IT Incident management procedure.
- To advise IT Management on rules and controls
- Produce metrics that provide meaningful indications of security status.
- Create an information security awareness program to customize communication tools and campaigns for each business unit and integrated services group
- In depth knowledge of national and international regulatory compliances and frameworks including; PCI DSS, ISO27001, 27002, 27005, The Data Protection Act, EU Data Protection Regulation, General Data Protection Regulation (GDPR)
- Fosters and builds a collaborative working relationship with various stakeholders
- Expert in information policy formulation and business risk management
- Competent in IT risk assessment and management, IT governance formulation, and organizational change management
- Working knowledge of IT financial management and IT audit
More than 10 years of relevant work experience, including consulting and general industry experience
Ideally the candidate would have one of the following:
- International Certificate in Risk Management
- International Diploma in Risk Management
- It would be advantageous for the candidate to be a previous PCI Qualified Security Assessor or current PCI Internal Security Assessor
- Certified Information Security Manager
- Certified Information Systems Security Professional
For immediate consideration please contact Sam Page
01908 88 60 37