Information Security Manager

The Information Security Manager is a critical role within the IT Department, tasked with defining and delivering the objectives of the CGT Catapult Information Security strategy while enhancing a security programme that addresses data compliance, security, privacy risks, and project-specific security requirements. This role is also responsible for gathering, analysing, and assessing current and future threats to data compliance, information security, and privacy, as well as maintaining and monitoring the organisation's evolving information security best practices.

The Information Security Manager will collaborate with senior managers across CGT Catapult to develop and drive the data compliance and information security agenda, ensuring it meets complex compliance, legal, and framework requirements. Acting as an empowered representative of the IT Department during IT planning initiatives, the role ensures that data compliance and security controls are integrated at the design stage of IT projects, with expectations clearly defined, understood, and agreed upon. Additionally, the Information Security Manager will play a key role in evaluating current data compliance and information security breach management processes to ensure CGT Catapult meets mandatory data breach notification obligations if required.

Key Accountabilities:

• Work with the Enterprise and Security Architect and senior managers to build on an existing data compliance and information security program to address information security risks and compliance requirements
• Implement information security frameworks: Cyber Essentials to ISO27001
• Manage Information Security Incidents in line with best practice
• Participate in the preparation and management regulatory agency and Collaborator inspections
• Evaluation of data compliance requirements with stakeholders including response to requirement specifications from CGT Catapult internal departments
• Provide support and advice to stakeholders by facilitating the escalation of any data compliance issues through the appropriate routes
• Assisting with managing and overseeing the data compliance and security aspects of the company/project IT set-up including websites that may be hosted internally or externally
• Liaising with potential and confirmed Collaborators and their IT support partners/employees operating within the CGT Catapult environment, securing the access and integrity of data made available to individual Collaborators
• Manage data compliance and information security projects, providing expert guidance on compliance matters for other IT projects
• Stay abreast of regulatory changes including cybersecurity developments and their impact on IT requirements, including relevant data privacy requirements
• Ensure audit trails, system logs, and other monitoring data sources are reviewed periodically and are in compliance with policies and audit requirements
• Work with the Company’s Data Protection Officer to ensure that CGT Catapult meets Information Security requirements under relevant legislation and regulations and can fulfil the array of data subject rights
• Performs other duties as and when directed, commensurate with the role

Experience:

• Comprehensive IT experience, with significant gained within an information security role
• Recent managerial experience, particularly defining and implementing security strategy
• Significant experience of Data Compliance, IT support, cyber security, and service level agreements etc
• Experience within a GxP environment would be an advantage
• Previous experience working within an R&D interfacing environment would be beneficial

Knowledge / Skills / Competencies:

• Highly motivated, pragmatic and practical to support the mission of the Cell and Gene Therapy Catapult to accelerate the development of a commercial cell and gene-based therapy industry in the UK
• Desire to establish a high-profile career within cell and gene sector and the personal drive to help push the sector to be a commercial success
• Able to evaluate complex situations and find solutions in a professional manner
• Working knowledge of the Data Protection Act (1998) and General Data Protection Regulations (GDPR)
• Working knowledge of Security Architecture and potential security issues related to them PaaS, IaaS, SaaS and understanding of IAM, and Data Loss Prevention in a cloud environment
• Knowledge of technologies such as IDS/IPS, vulnerability testing and Firewalls
• Ability to manage multiple / varied tasks and prioritise workload with attention to detail
• Comfortable operating autonomously once goals and objectives are set
• Strong interpersonal and organizational skills, with the ability to successfully work both independently and effectively within a team
• Strong leadership capability, executing as appropriate in the areas of responsibility
• Excellent oral and written communication skills, including the ability to explain technology solutions to non-technology internal client base
• Proven project management skills, including the ability to effectively deploy resources and manage multiple projects of diverse scopes in a cross-functional environment
• Proven ability to engage constructively with colleagues at all levels across different departments to deliver objectives
• Ability to quickly establish credibility and build rapport and trust
• A good team player, with strong organisational skills
• Stays current with developments in new technologies and platforms

Education / Qualifications:

• Bachelor’s or Master’s degree in computer science, information systems, business administration or related field; or equivalent work experience

CGT Catapult is committed to providing an equal, diverse, and inclusive work environment where everyone’s contributions are valued. We celebrate differences, empower, and inspire everyone, because when everyone is included, everyone wins. In 2024, we received bronze accreditation from Inclusive Employers.