Information Security Manager – Lincolnshire
£65-75k + £4.2k Car allowance, 6% pension matched, 25 days holidays.
Our client is an ambitious, progressive organisation which strives to provide modern and responsive public services to the residents of Lincolnshire. They are a large, diverse employer which recognises and values the contribution of their workforce. Proud of their achievements, they are looking to strengthen their current workforce in a range of service areas.
The Information Security Manager will be required to take operational ownership of all information security management processes, including:
- Information security risk management
- Information security incident management
- Information security assurance activities
- Support a variety of projects and design activities, including:
  - security factors such as HMG policy and good practice,
  - assurance requirements,
  - technical requirements,
  - selection of security technologies and controls,
  - physical security requirements,
  - personnel and / or procedural requirements.
- Be responsible for maintaining compliance with legal, regulatory, and contract-specific security standards – specifically ISO27001, PCI-DSS, and the Data Protection Act.
- Adopt a proactive approach to security management and security assurance coordination, ensuring smooth running of scheduled activities (penetration tests, security documentation review) and gaining the trust of key stakeholders (including customer representatives and accreditors).
- Engage with external audit and assurance providers, including IT Security Health Check suppliers, scoping test plans and helping stakeholders interpret the results of the tests and audits, as well as supporting the implementation of any remedial actions, where required.
- Create and implement a comprehensive Information Security Policy and related processes and procedures in line with ISO27001 and Government policies. Undertake gap analyses against formal security frameworks (particularly ISO27001), reporting on areas of deficiency and producing remedial action plans (where appropriate).
- Manage security incident responses and conduct investigations to understand the source of security breaches, assess and contain damage and devise measures to protect against future breaches.
- Raise awareness of information security principles and ensure compliance with policies, legal and regulatory requirements.
- Maintain all relevant documentation relating to information security.
Technical and professional skills, knowledge and qualifications:
The candidate should have a broad Information Security knowledge, ranging from developing and reviewing security architectures through to risk assessment and certification. Excellent communications skills (written and oral) are essential, as is knowledge and experience of ISO 27001 and PCI-DSS.
- Certified Information Security Manager (CISM)
And / or
- Certified Information Systems Security Professional (CISSP)
And / or
- Qualified ISO27001 Lead Auditor and / or Implementer
- Certificate in Information Security Management Principles (CISMP)
Knowledge and understanding of multiple information security-related requirement sources and standards, for example:
- The Government Security Policy Framework (SPF), along with HMG and CESG security standards, memoranda and guidelines
- PCI-DSS, PA-DSS (Payment Card Security)
- ISO27001 (Information Security Management)
- N3/NHS codes of connection
- PSN connectivity and codes of connection
- Data Protection Act
- BS 25999 / ISO22301 (Business Continuity Management)
- UK Government Cyber Essentials Scheme
For more information please contact Sam Page.
01908 88 60 37