Information Security and Compliance Manager
23rd December 2019
£80 - £80
DOE + Extensive Benefits Package
This job has now expired please search on the home page to find live IT Jobs.
Information Security and Compliance Manager
Solihull, West Midlands
Up to £80,000 (Dependent on Experience) + Extensive Benefits Package
Our client is a global provider of technology systems and solutions across the entire insurance industry. They provide core technology solutions, distribution and trading capability, advanced analytics and solution delivery.
They are on the lookout for an Information Security and Compliance Manager who will be responsible for ensuring the confidentiality, integrity and availability of company data and client data, stored or used by our client. The role will also be responsible for ensuring that client services are properly audited. The Information Security and Compliance Manager will set and monitor the legal, regulatory and contractual standards with which our client must comply as a trusted supplier to the financial services industry.
OUR CLIENT WOULD LIKE TO MEET AN INFORMATION SECURITY AND COMPLIANCE MANAGER WITH:
- The ability to influence key stakeholders
- The ability to engage, inspire and educate others
- A strong level of business acumen
- A proven track record of managing the security strategy of both mature software development and managed service organisations
- A sound understanding the cyber security landscape, current threat levels and best practice
- Demonstrable communication skills appropriate to all levels within the organisation
- Experience of implementing and maintaining an information security management system to the ISO/IEC 27001:2013 standard (essential)
- The ability to secure AWS workloads and infrastructure
- CISM certified (essential)
- CISSP, CISA, COBIT
- Knowledge of ITIL, Prince2, Agile, Waterfall and Kanban working methodologies
THE INFORMATION SECURITY AND COMPLIANCE MANAGER'S RESPONSIBILITIES INCLUDE:
Information Security - General
- Identify and agree with stakeholders the security threats faced by the organisation
- Maintain and improve our client's Information Security Management System (ISMS) to meet legal, regulatory and contractual requirements
- Maintain the risk register with the identified security risks, their treatment and revised ratings
- Design and implement a program of audit and review to ensure that the ISMS is being complied with
- Certification and accreditation (ISO 27001, PCI-DSS etc.)
- Review technical and procedural controls designed to protect data on a regular basis
- Ensure compliance with applicable legal data protection legislation and compliance with contractual client data protection requirements
- Monitor existing and emerging threats and update our client's security policies and working practices
- Further enhance our client's program of vulnerability and penetration testing by an independent third party to validate the integrity and fitness-for-purpose of the security policy and its implementation
- Implement, review and manage processes to ensure that remedial activities identified by testing are completed as required
- In conjunction with the product architects and product development managers, define the approach to be used by the development teams to ensure that security is built into the software development process
- Understand and develop strategies to secure containerised and serverless cloud-based workloads
- Report to the business monthly on the status of our client's information security preparedness
- Carry out appropriate communications to stakeholders on security matters, whilst educating the employee base on the latest security risks, threats, vulnerabilities and mitigation
WHAT'S IN IT FOR YOU?
- A unique working environment where you'll be surrounded by committed experts from a variety of backgrounds
- A generous salary and matching pension scheme
- A clear, personal learning and development plan that provides the frameworks and development solutions to ensure everyone has the opportunity to maximise their performance and realise their potential
- Generous holiday allowance (25 days + Public Holidays), free parking and life assurance
- A wide range of flexible benefits such as experience days, gym memberships, to wellbeing benefits like healthcare cashback plans, and so much more
Our client has a strong, clear vision - to be the leading provider of insurance technology software - and their values describe what makes them unique and capture the spirit that runs through everything they do.
Respect - Ownership - Collaboration - Innovation - Energy
A CAREER WITH OUR CLIENT:
Our client believes the most valuable asset for any business is the people it employs. It is crucial therefore to employ and invest in the best.
The organisation believes that their diversity makes them stronger. As an equal opportunities employer, they celebrate and support everyone who works for them. They are committed to providing equal opportunities in their working practices and are proud of their inclusive culture.
To apply for the role of Information Security and Compliance Manager, please apply via the button shown.
This vacancy is being advertised by Webrecruit. The services advertised by Webrecruit are those of an Employment Agency.
Other organisations may call this role Information Security Manager, Compliance Manager, Head of Information Security, Head of Information Security and Compliance, or Cyber Security Manager.