Information Security Manager

West Bromwich | Full-Time | 48000 - 72000 £ / year (est.) | No home office possible

At a Glance

  • Tasks: Lead ARAG UK's security strategy and manage the information security team.
  • Company: ARAG Legal Services UK is a dynamic player in the insurance sector, focused on digital services.
  • Benefits: Enjoy 27 days holiday, private medical insurance, and exclusive discounts across retail partners.
  • Why this job: Join a passionate team, take ownership of your work, and make a real impact on security.
  • Qualifications: Strong understanding of information security frameworks and experience with security technologies required.
  • Other info: Open to candidates with transferable skills, regardless of meeting all criteria.

The predicted salary is between 48000 - 72000 £ per year.

We’re excited to announce an opportunity for an Information Security Manager to join our dynamic Digital Services team at ARAG UK. As a member of the Digital Services team, this role will be at the forefront of ARAG UK’s security strategy, ensuring the confidentiality, integrity and availability of ARAG’s information and information systems.

The successful candidate will hold accountability for ensuring our ISO27001 accreditation is adhered to and successfully renewed, as well as assessing the information risk and facilitating remediation of identified vulnerabilities within the company’s network, systems and applications. In addition, you will lead on the strategy, road mapping and planning of security in the organisation as well as the management of the information security team.

This is an excellent opportunity to report on findings and apply recommendations for corrective & preventative action, whilst identifying opportunities to reduce security risks. Key responsibilities will also include documenting remediation options regarding acceptance or mitigation of risk scenarios, as well as facilitating and monitoring performance of risk remediation tasks, changes related to risk mitigation & reporting on findings.

This role will help the company understand security threats and help create strategies to protect ARAG’s assets and interests for multiple ARAG entities. This is a strategic and hands-on work role, where you will manage a small team, whilst also supporting the Security & Governance Manager driving the IT Security strategy, leading projects, coordinating the team’s work and mentoring, coaching & developing them.

There will also be a responsibility to work with others in Digital Services and the wider organisation to ensure appropriate leadership and accountability in the security space. The role-holder will engage with our parent company, ensuring our ISMS aligns with their prescribed standards and frameworks, as well as discussing, analysing, planning and executing any required changes and improvements in our Information Security Systems.

We are keen to hear from candidates that possess a high level of technical, organisational and communication skills to fulfil this role. You will also be accountable for contributing to audit responses, specifically in the InfoSec area, and establishing improvements in the response process and standardisation.

About You: We are keen to hear from candidates with a good understanding of information security frameworks, standards and security best practice (ISO27001, NIST CSF, Cyber Essentials, OWASP). You’ll have demonstrable knowledge and adherence to data protection legislation and regulatory requirements (e.g. GDPR, FCA SYSC, PCI DSS), as well as extensive experience and understanding of security analysis tools, defensive technologies and other security technologies (e.g. SIEM, VAS, IDS/IPS, Firewalls, IAM, NAC, patch management, anti-malware).

In addition, the ideal candidate will have:

  • Solid understanding of security incident management and incident response processes and activities.
  • Strong working knowledge of authentication technologies (e.g. two-factor, multifactor).
  • Good knowledge of Zero trust principles (e.g. limiting access to confidential information, limiting remote access to applications, differentiating between corporate and personal devices, trusted endpoints).
  • Knowledge of endpoint security solutions (e.g. HIDS, anti-malware, file integrity, DLP).
  • AWS and cloud platforms (e.g. SaaS, IaaS, PaaS).
  • System administration, supporting multiple platforms and applications.
  • Skilled in conducting vulnerability scans and identifying vulnerabilities in systems.
  • Good awareness of the current Threat Landscape.
  • Good understanding of modern malware: execution methods, persistence, detection, delivery mechanisms and entry points.
  • Experience delivering presentations and supporting messaging to leadership teams.
  • At a minimum, intermediate level of expertise in IT risk management or a related discipline – for example, security, privacy, business continuity management or compliance.

As a team, we are passionate and enthusiastic about what we do. Our people are encouraged to think independently and to take ownership of their work. In return for your commitment, we will offer you generous remuneration and an attractive benefits package which includes:

  • 27 days holiday with the option to buy up to a further 5 days
  • Company pension scheme with the option to increase contributions
  • Group Income Protection for all employees
  • Group Legal Protection for all employees
  • European Motor Assistance and Home Emergency Assistance
  • Private Medical Insurance
  • Salary sacrifice benefits including Cycle scheme
  • Access to our employee discounts hub offering exclusive discounts across thousands of retail partners, including discounted gym memberships at over 3,000 gyms across the UK
  • The option to join our Sports and Social club which organises discounted events such as theatre visits, wine tasting and shopping trips

If you think you would be a good match for this role and can demonstrate some transferable experience please apply, regardless of whether you meet all the criteria listed above.

Information Security Manager employer: ARAG Legal Services UK

ARAG Legal Services UK is an exceptional employer that fosters a dynamic and inclusive work culture, encouraging employees to think independently and take ownership of their roles. With a strong focus on employee growth, the company offers generous benefits including 27 days of holiday, private medical insurance, and access to exclusive discounts, all while being located in the vibrant city of Bristol, which enhances both professional and personal life experiences.

Contact Detail:

ARAG Legal Services UK Recruiting Team

StudySmarter Expert Advice 🤫

We think this is how you could land Information Security Manager

✨Tip Number 1

Familiarise yourself with the specific information security frameworks mentioned in the job description, such as ISO27001 and NIST CSF. Being able to discuss these frameworks in detail during your conversations will demonstrate your expertise and alignment with ARAG's needs.

✨Tip Number 2

Network with current or former employees of ARAG Legal Services UK on platforms like LinkedIn. Engaging with them can provide you with insider knowledge about the company culture and expectations, which can be invaluable during interviews.

✨Tip Number 3

Prepare to discuss your experience with incident management and response processes. Given the role's focus on security incident management, having concrete examples ready will help you stand out as a candidate who can handle real-world challenges.

✨Tip Number 4

Showcase your leadership skills by preparing examples of how you've successfully managed teams or projects in the past. This role involves leading a small team, so demonstrating your ability to mentor and develop others will be crucial.

We think you need these skills to ace Information Security Manager

ISO27001 Accreditation Management
Information Risk Assessment
Vulnerability Remediation
Security Strategy Development
Team Leadership and Management
Incident Management and Response
Data Protection Legislation Knowledge (e.g. GDPR)
Security Analysis Tools Proficiency
Defensive Technologies Expertise
Authentication Technologies Knowledge
Zero Trust Principles Understanding
Endpoint Security Solutions Knowledge
Cloud Platforms Familiarity (e.g. AWS)
System Administration Skills
Vulnerability Scanning and Analysis
Threat Landscape Awareness
Modern Malware Understanding
Presentation Skills for Leadership Teams
IT Risk Management Expertise

Some tips for your application 🫡

Tailor Your CV: Make sure your CV highlights relevant experience in information security management, particularly with frameworks like ISO27001 and NIST CSF. Use specific examples that demonstrate your skills in risk assessment and incident response.

Craft a Compelling Cover Letter: In your cover letter, express your enthusiasm for the role and the company. Discuss how your background aligns with ARAG's security strategy and mention any specific projects or achievements that showcase your expertise in managing information security.

Highlight Technical Skills: Clearly outline your technical skills related to security technologies such as SIEM, firewalls, and vulnerability scanning tools. Mention your familiarity with data protection legislation like GDPR and how you have applied this knowledge in previous roles.

Showcase Leadership Experience: Since the role involves managing a small team, emphasise any leadership or mentoring experience you have. Provide examples of how you've successfully led projects or initiatives in the past, particularly in the context of information security.

How to prepare for a job interview at ARAG Legal Services UK

✨Understand the Security Frameworks

Make sure you have a solid grasp of information security frameworks like ISO27001, NIST CSF, and Cyber Essentials. Be prepared to discuss how these frameworks apply to the role and how you've implemented them in past experiences.

✨Showcase Your Technical Skills

Highlight your experience with security analysis tools and technologies such as SIEM, firewalls, and anti-malware solutions. Be ready to provide examples of how you've used these tools to identify and mitigate vulnerabilities.

✨Demonstrate Leadership Experience

Since this role involves managing a small team, be prepared to discuss your leadership style and any relevant experiences. Share examples of how you've mentored or developed team members in previous roles.

✨Prepare for Scenario-Based Questions

Expect questions that assess your problem-solving skills in real-world scenarios. Think about past incidents you've managed and how you approached risk assessment and remediation. Use the STAR method (Situation, Task, Action, Result) to structure your responses.

    Application deadline: 2027-06-20