
Information Security Management System Manager

Ballyvesey Holdings Limited
Posted 8 hours ago, valid for 14 days
Location

Manchester, Greater Manchester M17 1DJ, England

Salary

£45,000 - £54,000 per annum

Contract type

Full Time

In order to submit this application, a Reed account will be created for you. As such, in addition to applying for this job, you will be signed up to all Reed’s services as part of the process. By submitting this application, you agree to Reed’s Terms and Conditions and acknowledge that your personal data will be transferred to Reed and processed by them in accordance with their Privacy Policy.

Sonic Summary

  • Ballyvesey Holdings is seeking an ISMS Manager to oversee the implementation and maintenance of their Information Security Management System (ISMS).
  • The ideal candidate should have a minimum of 5 years of relevant experience in information security and compliance requirements, with a strong understanding of ISO 27001:2022 and other security standards.
  • The role involves creating and updating security policies, conducting risk assessments, and preparing regular reports on ISMS performance and compliance status.
  • Candidates with professional certifications such as CISSP, CISM, or ISO 27001:2022 Lead Implementer/Lead Auditor are preferred, along with solid knowledge of IT architecture and risk management practices.
  • The advertised salary is £45,000 - £54,000 per annum; the position requires a strategic and collaborative approach to security within a dynamic environment.

Ballyvesey Holdings is the privately owned parent company of a wide range of trading subsidiaries. Established in 1970, the group’s main activities are centered around commercial vehicles in transport and logistics, vehicle rental, truck and van sales, aftersales support and maintenance, trailer manufacturing and spare parts sales, transport industry services, construction equipment sales and rental, and property development.

The ISMS Manager is an important role within the Security and Governance function, which is responsible for setting security and governance policies relating to information and cyber security across all areas of the business and for driving the company's continual improvement of its security posture and maturity level.

Position in organisation

Reports to: Head of Security and Governance

Accountabilities and Requirements

  • The ideal candidate will have a strong background in information security, a deep understanding of compliance requirements, and the ability to architect a common control framework adaptable to various security standards.
  • You'll lead the implementation and ongoing maintenance of the Information Security Management System (ISMS), initially in line with the requirements of ISO 27001:2022 and any later revisions of that standard, and subsequently extending it to ISO 27017, ISO 22301 and ISO 27701.
  • Play a key role in consolidating ISMS activities where applicable as well as supporting ongoing certification requirements.
  • Work with the various technology control teams to ensure that control requirements are met and that evidence of control operation is captured and can be produced on demand.
  • Collaborate with cross functional teams to ensure mandated security controls and risk treatment plans are integrated into business processes and IT systems.
  • Assist in the coordination of ISMS control monitoring activities.
  • Create and update information security policies, procedures, and guidelines to align with the ISMS and compliance requirements.
  • Conduct relevant risk assessments and help develop mitigation strategies to address identified risks.
  • Prepare regular reports on ISMS performance, compliance status, and security metrics.
  • Establish a continual improvement policy with respect to information security.
  • Liaise with IT and other departments on ISMS related work items.
  • Coordinate ISMS maintenance activities and ensure audit readiness.
  • Establish and maintain common ISMS artefacts, including applicable scoping documents, policies and standards and risk treatment documentation.
  • Liaise with internal audit team to plan required ISMS internal audits to ensure compliance with ISMS and regulatory requirements and assist with audit remediation activities.
  • Coordinate external audits as necessary.
  • Stay informed about the latest trends and developments in information security, ISO 27001 and other standards and supporting guidelines, and proactively recommend enhancements to the ISMS.

Desirable

  • Solid understanding and practice of IT architecture, infrastructure and information security.
  • Experience in implementing and ongoing management of an ISMS and maintaining ISO 27001 certification in a complex multi-faceted business.
  • Professional certification in CISSP, CISM or equivalent is considered an advantage, as are ISO 27001:2022 Lead Implementer/Lead Auditor qualifications.
  • Formal qualifications in cyber risk management, data protection and project management, including ISO 27005.

Key Competencies

  • Proven experience in implementing and maintaining ISMS and compliance frameworks.
  • Working knowledge of DORA, ISO 27001, NIS2, Cyber Essentials Plus and other relevant security standards and regulations.
  • Knowledge of European Union Directives including privacy regulations and cross border personal data transfer requirements (GDPR).
  • Proven experience of risk management practices including the use of ISO 27005.
  • Ability to design and manage a common control framework.
  • Awareness of monitoring tools to ensure security compliance.
  • Experience with incident response procedures and reporting processes.
  • Knowledge of Disaster Recovery process and testing.
  • Strong communication skills, both verbal and written, with the ability to pitch according to audience and deal with people in a professional, courteous manner in diverse situations.
  • Ability to lead and collaborate with cross functional teams in a dynamic environment.
  • Business acumen, with the ability to take a strategic and commercial view.
  • Up-to-date knowledge of cyber and information security trends and threats.
  • Good time management skills with the ability to prioritise workloads.
  • A flexible approach to ensure all deadlines are met.
  • Proficient in using common business applications, including Microsoft Office Suite.
  • A team player.
  • Minimum 5 years relevant experience.
  • Listening and organising skills.
  • Risk assessment and decision-making.
  • Committed and reliable.
  • Hold yourself to the highest ethical standards.
  • Adaptable to the ever-changing and fast-paced world of information and cyber security.

At Ballyvesey Holdings your right to privacy is important to us. By applying for this job, your information will be entered into our recruitment system. This will enable you to register for job alerts, apply for jobs and for us to help you find your next role. To read our full privacy policy please follow the link: https://privacy-policy/
