Information Security Manager
£450 - £500 - Inside IR35
This role is subject to security vetting to SC level.
Occasional working from home may be possible.
To provide dedicated information risk and accreditation management and information systems control expertise to the organisation and its service delivery partners.
To provide day-to-day information security management and implementation advice, guidance and monitoring of the systems' information exchange processes and data holdings.
To provide expert advice and guidance on the implementation of HMG SPF controls and policies.
Head of Risk and Information Assurance
The Risk and Information Assurance Team
The jobholder will be required to establish and maintain strong, positive working relationships with key stakeholders including:
- Executive Management
- ICT Services Staff
- Service Delivery Partners
- Other Suppliers and Customers as necessary
- Proven experience in a services delivery organisation (public or private sector) in a similar role - examples are:
  - an Information Security Officer (ISO)
  - an Information Risk Manager
  - an IT Security Officer (ITSO)
  - an IT security and systems auditor
- Proven ability to assess threats, vulnerabilities and risks to information systems processes and to ICT services and systems.
- Proven ability to write reports and deliver presentations on information risk management, systems process control and ICT security.
- Proven ability to author information security policies and procedures.
- Experience of managing budgets.
- Experience of managing a team of technical specialists.
- Works and communicates effectively and fluently with managers and staff - able to explain complex technical issues in terms that non-technical managers and staff will understand.
- Able to meet deadlines, prioritise and organise a busy schedule of work.
- Ability to work on own initiative as well as a member of a team, and as an effective, customer-service-focused deliverer.
- Creative, enthusiastic and committed to the role.
- Flexible, confident and persuasive, able to influence decision makers.
- Candidates must be able to demonstrate a level of awareness of equality and diversity issues appropriate to this role.
- Industry recognised qualifications relevant to information risk and security management (examples are CISSP, CLAS, CISM, CISA, ISO27001 Auditing).
- Experience of ICT security management, planning, implementation and monitoring.
- Understanding of ITIL service processes and management relevant to information security.
The main responsibilities of the post are to:
- Advise on all aspects of information assurance management and to assist senior management in maturing our Information Assurance management arrangements.
- Manage and advise on the organisation's Information Assurance budget allocation ensuring value for money requirements are met.
- Ensure that we remain compliant with the minimum mandatory measures of the Security Policy Framework (SPF) and associated HMG Information Security Standards.
- Keep abreast of developments and changes in government and industry information assurance policies and practices with a specific emphasis on Protecting Personal Data and Managing Information Risk.
- Assist department/division managers and our contracted services providers to remain proactive in assessing and minimising information security risks and business impacts arising from threats and vulnerabilities to information processing and to ICT services and systems.
- Author, update and advise on changes to information risk management and information security policies and procedures as well as oversee their implementation with managers and staff.
- Undertake risk and privacy impact assessments together with department/division managers and appointed security consultants and services providers.
- Monitor the effectiveness of our security policies and practices covering physical, procedural and technical controls.
- Act as the internal accreditation support resource co-ordinating information security work of service providers, suppliers and consultants - e.g. on risk assessments, accreditations and penetration tests.
- Assist and advise service and project managers on aspects of ICT security, ensuring that risk management and accreditation are embedded within all stages of the project and systems lifecycle.
- Monitor and keep under review the organisation's security incident management/reporting processes, and maintain/monitor the information security risk register/s for specific areas/systems and for the overall organisation.
- Manage direct report staff in line with policies and procedures.
- Deputise for the Senior Information Risk Officer.
- Undertake any other reasonable duties as requested from time to time, within the job-holder's capabilities.
Please get in touch to learn more