Information Security Management System Manager (London) @ Insight Investment

London Full-Time No home office possible

Information Security Management System Manager (London)

Insight Investment is looking for an Information Security Management System (ISMS) Manager to join the Cyber Security team in London. Working within the CISO team as the designated ISMS Manager and acting as an information security subject matter expert, you will have a broad range of expertise across information security, cyber and data protection and be able to support, maintain and establish good practice security processes and controls across the organisation as well as articulate the current information security maturity posture to senior leadership.

Role Responsibilities

ISMS Implementation & Maintenance

  • Develop, implement, and maintain the Information Security Management System (ISMS) and associated processes in compliance with ISO27001 and other relevant security standards.
  • Establish and maintain documentation relevant to the management of the ISMS.
  • Ensure continuous improvement of the ISMS by identifying gaps and supporting the implementation of corrective actions.
  • Ensure the requirements of ISO22301 and the BCMS are integrated within the ISMS.

Governance

  • Maintain and chair the ISMS Quarterly Management Reviews.
  • Support in maintaining and improving our Information Security Forum (TIRG).
  • Deputise for the Head of Information Security and/or Chief Information Security Officer, where necessary.
  • Ownership and oversight of the information security risk management process, embedding an effective culture of transparency and visibility on all information security risks that impact the business.
  • Develop and implement an effective risk management structure to support the identification, analysis, evaluation and treatment of information security risks.
  • Oversee the maintenance of the information security risk register.
  • Support in conducting risk assessments and development of risk treatment plans.

Compliance

  • Collaborate with internal and external auditors to manage ISMS audits and certifications.
  • Ensure compliance with regulatory and legal requirements, such as local laws, GDPR, or industry-specific cybersecurity standards.

Policy & Process Development

  • Develop and update security policies, procedures, and guidelines to align with business needs and regulatory requirements.
  • Ensure security policies are effectively communicated and adhered to across the organisation.
  • Work closely with the Head of Information Security and the Chief Information Security Officer to support the establishment of a cyber strategy and Target Operating Model.

Cyber, Legal and Regulatory Landscape

  • Monitor and report on the cyber, legal and regulatory landscape relevant to information security and Insight as an organisation.

Incident and Crisis Management

  • Support the Incident and Crisis Management Teams with the response to information security incidents as required.

Security Training, Awareness, and Culture

  • Support security training and awareness programs for employees.
  • Provide guidance and best practices on information security to different teams within the organisation.
  • Foster a culture of security-first thinking across the Lines of Business.

Collaboration & Stakeholder Management

  • Work closely with Corporate Risk, Operational Resilience, and other relevant Lines of Business to integrate security practices into operations.
  • Serve as the primary point of contact for ISMS-related matters with senior management and external stakeholders.
  • Promote a collaborative working environment between Cyber, Technology and Data.

Experience Required

  • Familiarity with internationally recognised information security standards such as the ISO27000 series and NIST.
  • Demonstrable professional experience of managing information security obligations for a global business.
  • Ability to perform the duties of a designated information security manager in an independent manner, including corresponding with regulators and data subjects, providing advice and guidance to the business, and providing training and awareness to all staff.
  • Relevant certifications such as CISSP, CISM, CompTIA Security+, ISO27001 Auditor etc.
  • Experience in monitoring and reacting to the cyber threat, legal and regulatory landscape.
  • Experience in providing independent support and advice on a wide variety of information security issues in language tailored to fit all relevant stakeholders.
  • The ability to work effectively within a team environment and across various stakeholders, including senior leadership and clients.
  • Practical experience of applying a range of risk management approaches, conducting risk assessments and being able to articulate risk effectively.
  • An accomplished communicator with the ability and confidence to present complex issues and influence decisions at all levels within an organisation with excellent analytical, interpersonal and stakeholder management skills.

Soft Skills

  • Strong analytical and problem-solving skills.
  • Excellent communication and stakeholder management abilities.
  • Ability to work independently and drive security initiatives proactively.

Nice to have

  • Experience in the financial services sector.
  • Previous work experience with regulators or industry bodies.

Contact Detail:

Cyber Crime Recruiting Team

Application deadline: 2027-04-23