Information Security Manager
Your role will be to lead the improvement of our security controls and visibility across the global operation. This will be done as part of managing our compliance with ISO/IEC 27001:2013. As a key role within the organisation you will be responsible for co-ordinating the day to day security in line with our compliance requirements and ensuring that effective communications take place in a timely manner. You will further be required to manage various compliance related activities such including the internal and external audit schedule, remediation activities and effectiveness measurements. In addition you will lead Security Incident Management activities together with our Problem and Incident Manager.
You will need to demonstrate a working knowledge of Security program management, reporting metrics and how to deliver effective communications.
The right person for this role will be pro-active and independent minded, resilient in the face of difficulties, with a keen eye for detail and the ability to complete tasks in an effective and timely manner.
There is potential for the right person to progress to the role of Information Security Manager within the organisation following successful completion of agreed certification training.
• Monitor and Improve security controls within Creditsafe, aligning with the ISO/IEC
• 27001:2013 standard across existing accredited areas of the business
• Own the ISO 27001 implementation and ensure its alignment with business practices
• Manage and support expansion of new certification programmes across the business
• Perform regular security and compliance activities including security compliance reviews
• Manage security incidents to closure
• Perform and manage the group Information Security risk management program
• Lead the Security and Compliance standardization programme
• Coordinate the regular internal and external audit activities including organising participants and manage resulting actions• Coordinate the regular internal and external audit activities including organising participants and manage resulting actions
• Manage internal Security communications and education programme
• Compile and Manage group wide security and compliance metrics reporting
• Work with business and technical functions to align policy to practice and vice versa
Essential Knowledge & Skills:
• Clear and concise communicator
• Knowledge of Security and compliance frameworks such as ISO27001
• Able to put order into desperate and complex data sets
• Ability to manage and collaborate with multidisciplinary teams,
• Strong organizational skills,
• Strong Microsoft Excel, Word, PowerPoint and Visio skills,
• Strong project management skills
• Prior experience in an information security or regulatory role
Essential qualifications & specialist training:
• ISO 27001 internal auditor
• Degree educated or relevant commercial experience
Desirable qualifications & specialist training:
• CSRM – Cyber Security Risk Management
• CISM – Certified Information Security Manager
• BCS CISMP – Certificate In Information Security Management Principles
• CISA – Certified Information Systems Auditor
• Recognised Project Management certification such as PRINCE2 or APM Project Fundamentals (PFQ) or equivalent experience.