Head of Information Security


Premium Job From Search and Select Limited

Recruiter: Search and Select Limited

Listed on: 20th April 2018

Location: Isle Of Man

Salary/Rate: £55000 - £55000

Type: Permanent

Start Date: ASAP

This job has now expired. Please search on the home page to find live IT jobs.

Head of Information Security

Location: Isle of Man

Salary: £55,000

Our Isle of Man client is looking for a Head of Information Security to act as the company’s expert on, and advocate of, Information Security Management, dealing with processes, policies and procedures and ensuring they align with business needs. You will be responsible for monitoring threats and vulnerabilities and for ensuring uptake of the latest security trends so that adequate protection is delivered. You will provide technical security advice to all areas of the company and ensure compliance with security policies and procedures throughout the business. You will also be required to play an active role in managing the company’s responsibilities for Data Protection and GDPR at a technology level, ensuring all systems are compliant with current legislation and driving the change necessary to ensure continued compliance.

Key Accountabilities:

Accountable for Information Security, compliance and data protection including:

- The qualification, design and safe implementation of cyber security solutions within the network, ensuring solutions adhere to relevant compliance standards and provide value for money

- Managing cyber security control frameworks, security policies, and regular threat & risk management

- Managing data security and legal/regulatory requirements of the same

- Setting cyber security strategy within overall strategy framework

- Responsible for the implementation and continued achievement of ISO 27001, ISO 9001, ISO 14001

- Ensuring the nominated Data Protection Officer is able to operate within the requirements of current legislation

Identify:

- Assessing and approving the security criticality of the assets

- Assessing and managing the 3rd party security contracts and security conformance

- Ownership of security policies - creation of, reviewing, updating and dissemination of policies.

- Cyber Security Control Framework - managing and embedding the framework within the organisation

- Ownership of the Cyber security risk register - manage the register and ensure it is up to date. Track and update the risks, mitigations and remediation plans.

- Responsible for ensuring that the company is compliant with the Data Protection Act and for managing this compliance.

Protect:

- Responsible for access control policies, procedures and controls to ensure only authorised users have access to company assets.

- Responsible for managing and embedding acceptable usage restrictions throughout the organisation.

- Responsible for securing, managing and embedding data and information security controls including identifying suitable cryptography.

- To deliver and manage the security awareness and education programme to ensure that all staff are receiving the correct level of training.

- Responsible for embedding a security culture in the organisation.

- Contribution of security content to the IT processes

- Working with the Telco, IMS, Internal IT, Computer Development and Hosting teams to ensure that security support is provided and security is designed and implemented.

- Contribution to security design and implementation from an oversight perspective

- Have oversight of the change management process to identify and prevent potential security threats or vulnerabilities.

- Ownership of the technical security controls such as security devices, SIEM, IAM, DLP solutions, etc.

- The creation and management of security standards and guidelines.

- The management of threat intelligence and the dissemination of the intelligence to the relevant teams within the company.

- Creation and management of Information protection processes and procedures such as data retention, destruction, security hardening, etc.

Detect:

- Compliance against ISO 27001:2013

- Responsible for the delivery and management of a continuous control monitoring strategy.

- Responsible for the oversight and effective operation of any intrusion detection/prevention mechanisms.

- Carrying out regular risk and control assessments to identify weaknesses and vulnerabilities and manage the risk.

Respond:

- Responsible for the oversight and promotion of security response plans and ensuring their effective operation.

- Responsible for the planning, scheduling and conducting of response plan tests and any resulting actions as a consequence of the test.

- Responsible for investigating inappropriate activity.

- Responsible for keeping abreast of security legislation and regulation and implementing any new security directives.

- Responsible for reviewing audit and event logs and managing actions.

Recover:

- Responsible for managing the business continuity response to security events.

- Responsible for managing departmental recovery plans and ensuring an effective recovery process

Key Skills and Experience:

- Industry-recognised security certification, such as CISSP, CISA, CISM, CEH, ISO 27001 Auditor

- Degree Level qualification

- Project Management training/qualifications (e.g. PRINCE2) would be an advantage

- 5+ years of overall experience in IT industry.

- 5+ years of experience in an information security and risk related role.

- Excellent analytical, investigative and problem solving skills

- Confident in own justification & decision making ability

- Excellent communication & report writing skills

- Strong interpersonal & presentational skills

- Self-motivated and ability to motivate others to excellence

- Ability to work as part of own and cross company teams

- Strong in the use of the full range of Microsoft Office applications
