Reporting to the Director of Risk & Compliance, in this stand-alone role, you will be responsible for:
- Advising and assisting the firm on all aspects of the development and implementation of information security strategies and initiatives, including the selection and implementation of security technologies.
- Collaborating with key stakeholders and colleagues to ensure regulatory obligations and information security risks are managed effectively, particularly in areas of innovation and data usage.
- Advising and assisting on information security related aspects of projects put forward for implementation by the firm.
- Managing all aspects of the firm's ISO27001 ISMS programme, including chairing the Information Security Committee.
- Responsible for ongoing compliance with data protection legislation, including UK GDPR, in conjunction with key stakeholders, including responding to DSARs, drafting DPIAs and data mapping/RoPA exercises.
- Aligning information security and data protection policies with business operations and strategies, ensuring compliance with ISO27001 and applicable legal and regulatory requirements.
- Providing expert guidance and developing training and awareness programs to enhance information security awareness across the firm.
- Conducting risk assessments related to information security and data protection and reporting findings to key stakeholders.
- Managing security audits (internal, external and client driven), ensuring effective and timely remediation actions and risk mitigation.
- Assessing and managing client requirements and supplier/third party risk by conducting security and data protection assessments of third party providers.
- Leading on incident and breach management related to information security, including escalation, mitigation, and reporting.
- Advising and assisting the firm and its key stakeholders on the implementation of new processes and modification of existing processes from an information security/privacy by design perspective.
- Advising and assisting with the firm's annual cyber insurance renewal, ensuring appropriate coverage and compliance is maintained.
- Advising and assisting the firm's development of its BC/DR programme to ensure robust information and data security is maintained. Member of the BC team.
- Proactively advising on, and staying up to date with, current and emerging security threats, technologies and legislative changes.
Occasional travel to other offices will be required.
The Person
As an experienced Information Security Manager, you will possess:
- Strong leadership in driving security initiatives within a firmwide context.
- Expertise in information and cyber security controls, particularly ISO27001 and Cyber Essentials Plus, and comprehension of technical IT concepts.
- Robust understanding of technical and organisational security controls, with a keen ability to evaluate and mitigate risks.
- In-depth knowledge of data protection legislation (Data Protection Act 2018, UK and EU GDPR).
- Exceptional communication skills, with the ability to convey technical issues clearly to diverse audiences.
- Strong relationship-building skills.
- Excellent problem-solving and decision-making skills.
- A proven ability to work both as part of a team and individually with a flexible "can-do" attitude.