Location: Leicester HQ
Reporting to: CTO
An opportunity has arisen for an Information Security & Governance Manager based in Leicester. This is a senior position reporting to the CTO. In this role you will engage with the wider business and key stakeholders to drive the continual improvement of information security practices across the organisation and to ensure ongoing compliance with ISO 27001 and data protection regulations. The position presents a great opportunity for an individual with a technical background who has several years’ experience working in an information security role.
- Act as subject matter expert to the business on all areas of information security and privacy.
- Develop Information Security strategy in line with organisational objectives.
- Ongoing management, maintenance, and continual improvement of the organisation's Information Security Management System and Data Protection Framework.
- Develop and improve organisational policies and procedures.
- Undertake ISO 27001 extension to scope audits as required to align new acquisitions to the central ISMS.
- Work closely with the wider business to ensure security and privacy are embedded into working practices and processes.
- Chair the Information Security Steering Group and oversee monthly management review meeting reporting.
- Work with the Head of IT to identify, procure and install security-related applications and services in support of the organisational security strategy.
- Raise awareness of information security and privacy across the organisation.
- Own the Security Incident Management Process, ensuring that stakeholders know their responsibilities and that the process is regularly tested through the use of tabletop exercises and playbooks.
- Carry out information security and privacy risk assessments and internal audits.
- Develop, monitor, and report on key IT security metrics.
- Undertake third party due diligence and risk assessments.
- Stay abreast of new and emerging threats and communicate them to the business accordingly.
- A solid understanding of the UK Data Protection Act, GDPR, ISO 27001 and the Cyber Essentials scheme.
- Previous experience managing and maintaining Information Security Management Systems.
- The ability to understand business context and technology landscape and apply appropriate security solutions in response to different risks and needs.
- Strong stakeholder management and good communication skills.
- Must be able to articulate security and privacy risk to non-technical users.
- Relevant security-related qualifications such as CISSP, CISM, CRISC, CISA, Lead Auditor, QSA would be advantageous.
In addition to this, Bellrock also offers the successful candidate an employer-contributed pension scheme and a Company Retail Discount Scheme.
If you are interested in applying, please submit your CV and covering letter via the link or directly to firstname.lastname@example.org
STRICTLY NO AGENCIES PLEASE.