
Information Security Manager

Nigel Wright Group
Posted 19 days ago, valid for 7 days
Location

Newcastle Upon Tyne, Northumberland NE19 2BG, England

Salary

£40,000 - £48,000 per annum

Contract type

Full Time

In order to submit this application, a Reed account will be created for you. As such, in addition to applying for this job, you will be signed up to all Reed’s services as part of the process. By submitting this application, you agree to Reed’s Terms and Conditions and acknowledge that your personal data will be transferred to Reed and processed by them in accordance with their Privacy Policy.

Sonic Summary

  • A professional services firm is looking for an experienced Information Security Manager to oversee ISO27001, Cyber Essentials, and GDPR compliance programs.
  • The role involves managing information security risk assessments and collaborating with the IT team on system upgrades.
  • Candidates should have strong leadership skills, expertise in ISO27001 and Cyber Essentials, and a robust understanding of data protection legislation.
  • The position offers a hybrid working environment with a salary range of £70,000 to £90,000 and requires a minimum of 5 years of relevant experience.
  • Exceptional communication and relationship-building skills are essential for success in this standalone role.
The Opportunity

A professional services firm is seeking to recruit an experienced Information Security Manager to be responsible for managing the firm’s ISO27001, Cyber Essentials and GDPR compliance programmes and for managing an on-going information security risk assessment programme.

Working with the wider firm, the Information Security Manager will deliver a commercial, pragmatic, effective and risk-based approach to activities that provide appropriate access to, and protect the confidentiality, availability and integrity of, client, employee and corporate information.

In addition, you will work with the firm's IT team on an on-going basis by providing advice and consultancy regarding the information security implications of any system upgrades. You will also advise on the drafting and embedding of information security policies and on monitoring compliance, and will assist with the assessment of cyber security risks, with mitigation initiatives, and with the firm’s cyber security and information security incident response plans.

The firm operates a hybrid working policy where you will work 2 days per week from the office.

Unfortunately our client is unable to sponsor visas.

The Role

Reporting to the Director of Risk & Compliance, in this stand alone role, you will be responsible for:

  • Advising and assisting the firm on all aspects of the development and implementation of information security strategies and initiatives, including the selection and implementation of security technologies.
  • Collaborating with key stakeholders and colleagues to ensure regulatory obligations and information security risks are managed effectively, particularly in areas of innovation and data usage. 
  • Advising and assisting on information security related aspects of projects put forward for implementation by the firm.
  • Managing all aspects of the firm's ISO27001 ISMS programme, including chairing the Information Security Committee.
  • Taking responsibility for on-going compliance with data protection legislation, including UK GDPR, in conjunction with key stakeholders, including responding to DSARs, drafting DPIAs and data mapping/RoPA exercises.
  • Aligning information security and data protection policies with business operations and strategies, ensuring compliance with ISO27001 and applicable legal and regulatory requirements.
  • Providing expert guidance and developing training and awareness programs to enhance information security awareness across the firm.
  • Conducting risk assessments related to information security and data protection and reporting findings to key stakeholders.
  • Managing security audits (internal, external and client driven), ensuring effective and timely remediation actions and risk mitigation.
  • Assessing and managing client requirements and supplier/third party risk by conducting security and data protection assessments of third party providers.
  • Leading on incident and breach management related to information security, including escalation, mitigation, and reporting.
  • Advising and assisting the firm and its key stakeholders on the implementation of new processes and modification of existing processes from an information security/privacy by design perspective.
  • Advising and assisting with the firm's annual cyber insurance renewal ensuring appropriate coverage and compliance is maintained.  
  • Advising and assisting the firm's development of its BC/DR programme to ensure robust information and data security is maintained.  Member of the BC team. 
  • Proactively advising on, and keeping up to date with, current and emerging security threats, technologies and legislative changes.

Occasional travel to other offices will be required.

The Person

As an experienced Information Security Manager, you will possess:
  • Strong leadership in driving security initiatives within a firmwide context.
  • Expertise in information and cyber security controls, particularly ISO27001 and Cyber Essentials Plus, and comprehension of technical IT concepts.
  • Robust understanding of technical and organisational security controls, with a keen ability to evaluate and mitigate risks.
  • In-depth knowledge of data protection legislation (Data Protection Act 2018, UK and EU GDPR).
Industry certifications such as CISSP or CISM are beneficial though not essential. Most importantly though, you will have:
  • Exceptional communication skills, with the ability to convey technical issues clearly to diverse audiences.
  • Strong relationship-building skills.
  • Excellent problem-solving and decision-making skills.
  • A proven ability to work both as part of a team and individually with a flexible "can-do" attitude.
