Information Security Manager - HYBRID WORKING

We are working in partnership with a fantastic client of ours who are based in the heart of Bristol. We are looking for an experienced Information Security Manager to join them on a hybrid working model.

ROLE SUMMARY

This role will report on findings and apply recommendations for corrective & preventative action and will identify opportunities to reduce security risks. This role will also document remediation options regarding acceptance or mitigation of risk scenarios as well as facilitating and monitoring performance of risk remediation tasks, changes related to risk mitigation & will report on findings. This role will help the client understand security threats and help create strategies to protect against them. The role will include strategic and hands-on work as well as managing a small team, driving the IT Security strategy, leading projects, co-ordinating the team’s work and mentoring, coaching & developing them. There will also be a responsibility to work with others in Digital Services and the wider organisation to ensure appropriate leadership and accountability in the security space. The role holder will possess strong technical, organisational and communication skills to fulfil this role. You will also be accountable for contributing to audit responses, specifically in the InfoSec area, and establishing improvements in the response process and standardisation.

KEY ACCOUNTABILITIES AND RESPONSIBILITIES

• Establish a clear security charter for the management of security and a long-term strategy.
• Drive organisational change and develop a culture of security.
• Drive the security operations pillars of excellence, competence, reliability and collaboration.
• Articulate the security vision, mission and objectives within the context of three critical priorities: Alignment with the company’s overall risk posture, support the company’s goals and help the company meet its compliance requirements.
• Delivery of meaningful value and metrics to key stakeholders that aligns with the company’s interests.
• Contribute to the IT Strategy planning process with regards to Information Security, ISO27001/27002.
• Manage, mentor and maintain the internal ISO auditor programme including audit schedules, audit reviews and recommendation resolution.
• Evolve the existing security strategy in collaboration with the Digital Services Management Team.
• Keeping up to date with current security best practice.
• Identify, draft and maintain security policies, guidelines, procedures, processes, baselines and documentation based on known industry standards and best practice.
• Managing the day-to-day security work-streams simultaneously and the day-to-day activities of the security team.
• Co-ordinating security planning through producing time and resource estimates for the purpose of demand planning.
• Mentoring the security team in the security design, planning and monitoring processes.

Qualifications (Desirable)

• CISSP: Certified Information Systems Security Professional
• ISO/IEC 27001 Lead Implementer/Auditor

Professional skills/experience

• Demonstrate a good understanding of information security frameworks, standards and security best practice (ISO27001, NIST CSF, Cyber Essentials, OWASP).
• Knowledge and adherence to data protection legislation and regulatory requirements (e.g. GDPR, FCA SYSC, PCI DSS).
• Extensive experience and understanding of security analysis tools, defensive technologies and other security technologies (e.g. SIEM, VAS, IDS/IPS, Firewalls, IAM, NAC, patch management, anti-malware).
• Solid understanding of security incident management and incident response processes and activities.
• Strong working knowledge of authentication technologies (e.g. two-factor, multifactor).
• Good knowledge of Zero trust principles (e.g. limiting access to confidential information, limiting remote access to applications, differentiating between corporate and personal devices, trusted endpoints).
• Knowledge of endpoint security solutions (e.g. HIDS, anti-malware, file integrity, DLP).
• AWS and cloud platforms (e.g. SaaS, IaaS, PaaS).
• System administration, supporting multiple platforms and applications.
• Skilled in conducting vulnerability scans and identifying vulnerabilities in systems.
• Good awareness of the current Threat Landscape.
• Good understanding of modern malware: execution methods, persistence, detection, delivery mechanisms and entry points.

Due to the volume of applications received for positions, it will not be possible to respond to all applications and only applicants who are considered suitable for interview will be contacted.

Proactive Appointments Limited operates as an employment agency and employment business and is an equal opportunities organisation. We take our obligations to protect your personal data very seriously. Any information provided to us will be processed as detailed in our Privacy Notice, a copy of which can be found on our website.