DS-070120-InfoSec
Good salary and benfits package

The Role

My client is undertaking a change and modernisation programme that has identified some new key roles. This role is a new role with some existing junior members reporting into them. The successful candidate will have the opportunity to shape and influence the InfoSec team and how it operates. 

The Information Security Manager is a key player in developing, maintaining and delivering the Information Security Strategy across the Company to ensuring that it meets current and future business requirements

They are also responsible for overseeing and controlling all aspects of Information Security against threats such as security breaches, computer viruses or attacks by cyber criminals

They will also play a pivotal role in mitigating risk of potential Information Security breaches as well as managing the Information Security response to any incident that may arise

 This incumbent in the role will be the subject matter expert within the Information Security discipline

The Working Environment

 

Given the nature of this role, the incumbent will work with all areas of the business including key stakeholders and departments including, but not limited to, Risk, Audit, Legal and Business Change

The incumbent will build key relationships with all teams / colleagues within the IT department and will have the ability to utilise the skills and proficiencies each of the teams can offer

The incumbent will act as the principal contact between the external managed Security Operations Centre (SOC) and the Company and other third-party Information Security vendors / suppliers

 

Responsibilities

 

  • In conjunction with the Head of IT, develop, maintain and deliver the Information Security Strategy ensuring that it meets current and future business requirements
  • To act as the point of contact between the Company and the external Managed Security Operations Centre (SOC) to ensure agreed service levels are maintained and regular reviews are scheduled
  • To carry out technical vulnerability assessments of IT systems and processes, identifying potential vulnerabilities, to make recommendations to IT Management to control any risks identified and to ensure they are implemented
  • To respond rapidly and effective to Information Security incidents, managing the incident in a professional manor including computer forensics for evidence gathering and preservation. Appropriate and sensitive handling of effected staff and efficient liaison with both internal and external entities and law enforcement agencies when required
  • To work closely with key stakeholders including Risk, Audit, IT to assist and provide input to ensure that Company policies and procedures for Information Security are effective and adhered to. To be proactive in making recommendations for updates to policies and procedures as required
  • To assist in the development and implementation of a robust set of Information Security standards based upon best practices and lead by example to provide excellent security guidance
  • To provide high quality Information Security guidance documentation and training including the annual Information Security / Cyber Security staff briefing
  • To become the definitive point of contact for all Information Security matter throughout the Company and be an external representative as the Information Security subject matter expert
  • To maintain the Information Security aspects of the IT Risks and Controls register and carry out actions to mitigate the risks identified
  • Assist in the development and maintenance of a Cyber Incident Security plan including the planning and scheduling of regular Cyber Incident scenario testing exercises
  • To keep up to date with security trends, threats and control measures and recommend new solutions and initiatives that will enhance the protection of the Societies assets and data
  • To lead and manage the Information Security team to ensure all objectives are met within a timely and professional manner and to coach, mentor and develop colleagues within the Information Security team and undertake regular reviews (including 1:1, appraisals)
  • To ensure Information Security reports, dashboards and audits are completed on schedule including alignment to the Cyber awareness assessment report
  • To assist with various tasks / solutions, including but not limited to, SIEM / EDR / UBA solutions, SOC relationship, vulnerability scanning, patch management, penetration testing, phishing testing, intrusion prevention, e-mail monitoring, data loss prevention, user access, user awareness, disaster recovery and business continuity 

 

Skills / Experience Required

 

  • A degree in an Information Technology or Computer Science discipline or significant hands-on experience
  • 10 years of related work experience, with 3 or more years in an Information Security Management position, ideally within a Financial Services led environment or equivalent highly regulated industry  
  • Certification in Information Security (CISSP, CISM etc.) or comparable work experience
  • A strong technical understanding and background
  • Full UK driving license

 

Working Behaviours

  • Excellent interpersonal, written and verbal communication skills and the ability to work well with people at every level
  • Ability to work with autonomy, be organised and able to work under pressure
  • Strong relationship management and influencing skills
  • Attention to detail to ensure accurate assessment and management of risk
  • Strong analytical skillset
  • Ability to effectively prioritise situations requiring urgent attention
  • The ability to inspire the team to think ‘outside of the box’ and go the extra mile
  • Pro-activity and self-motivated with the proven ability to drive results and provide excellent customer services to all levels of the organisation
  • High level of motivation to see success delivered through own personal efforts and those around them
  • Ability to demonstrate and enhance the core values of the Company
  • Willingness to work outside of normal working hours when required and provide out of hours support in line with the on-call rota

 

Benefits

  • Competitive salary and benefits
  • 25 days annual leave plus 8 bank holidays
  • Site based role at our Head Office in Carlisle (just off M6, Jct 44), with occasional travel
  • Company pension scheme (after 3 month qualifying period, 5% employer, 4% employee)
  • A paid community day each year
  • Collaborative, supportive organisation committed to developing full potential
  • Excellent opportunity for career progression based on delivery, output and alignment to our values
  • Free on-site car parking