Information Security and Compliance Manager

  • Management
  • London

Our client is currently looking for an Information Security and Compliance Manager to join the team in London. They are currently looking for a highly motivated and results focused individual with a very good technical understanding of ISO standards. Your primary focus will be ensuring that our client is compliant with the standards whilst actively promoting, supporting and coordinating the management of Gemserv’s Integrated Management Systems. Due to the nature of Gemserv’s business, this is a critical role working directly with Gemserv’s Audit & Risk Committee, Executive Team, Senior Managers and employees to promote best practice and compliance to agreed processes and procedures within Information Security, Quality, Environmental and Energy Standards.

The successful applicant will lead on initiatives that build and engender a culture of compliance, risk management and continuous improvement throughout the business. Salary Range: 45,000 – 55,000 plus bonus and excellent benefits package   Information Security and Compliance Manager Duties:  Lead on the development of an integrated Management System, harmonising existing processes and management systems to promote Business Service Excellence through good practice and awareness; Assisting the development and maintenance of audit plan, communicating this with key stakeholders and within the wider business;  Schedule and co-ordinate internal and external audits, communicated well in advance within the business, with requirements clearly defined;  Liaise with external auditors to agree audit plans and ensure maintenance of the certification of standards held; Liaise with IT to ensure vulnerability scans and penetration tests are conducted within agreed timelines  Review vulnerability, penetration test and incident management reports  Documenting security breaches, post-incident and lessons learned activities for continual improvement.  Liaise with IT to ensure required controls are being maintained effectively to meet regulatory and standard requirements;  Managing risks of the business and ensuring all business risks are controlled to reduce potential loss to business. Updating and owning information security continuity of the business and schedule test plans accordingly.

  Being proactive in liaising with internal and external stakeholders on matters which relate to new or existing work and ensure changes in policies/ procedures are aligned to Gemserv’s Information Security and Quality Management systems and standards; Proactively engender a culture of best practice and procedure being adhered to that is efficient for the business and will ensure compliance; Proactively engage (via face-to-face meetings and dialogue) with Line Managers and Department Heads to promote, address and resolve key Management System issues, identifying, mitigating and managing potential risks; Analyse Information Security and Quality Management performance by liaising closely with all teams and customers, proactively addressing any issues, mitigating potential risks, identifying and recommending changes; Identifying and communicating regular threat updates impacting the business and technology landscape; Compile recommendations for the Executive Team on requirements for wider change(s) identified through observations and audits, engaging with the teams and working closely with them to produce Quality Improvement Plans. Undertake monthly one-to-one reviews with Department Heads to review quality, key issues and steps to improve engagement and compliance. Lead on the development and delivery of staff awareness events each year on Quality and Information Security Management; and  Provide subject matter expert/quality reviews on Company documents and projects (i. e.

tenders) as required; Information Security and Compliance Manager Requirements: Sound knowledge and understanding of Information Security Standards and Quality, specifically ISO 27001, 9001, and 14001 with a strong appreciation of continuous improvement; Certified internal auditor, with experience of auditing various sectors; Professional information security qualifications will be required (e. g. ISO 27001 LA, CISA, CISM). Relevant technical understanding of legislation around GDPR, UK Data Protection Act and relevant legal and regulatory requirements of the industries and jurisdictions within which our client operates; Experience of providing guidance and advice to clients and stakeholders in order to promote a consistent approach; An eye for detail for improving customer satisfaction and improving client relations by direct interactions and taking corrective actions accordingly; Experience within the energy and environmental market having worked in in a similar sized SME; Experience in presenting succinctly to Executive teams, Senior Managers and employees Excellent organisational skills in order to proactively manage the Quality and Information Security Systems, scheduling, communicating and overseeing internal and external audits;  Previous experience of building and managing stakeholder relationships; Ability to utilise diverse communications styles to engage stakeholders at different levels whilst being conscious of varying business priorities; Analytical skills, with an understanding of processes and controls;  Experience in managing multiple projects/ tasks and delivering to key milestones; Ability to work under pressure whilst meeting tight deadlines; Excellent attention to detail and a solution-oriented approach.

Engage with all levels of management to identify any continuous improvement action for the business. Information Sec

Tagged as: Reed Sec. Mgr.

Source:

Before applying for this position you need to submit your online resume. Click the button below to continue.