Information Security Manager in Stirling

Some see chaos. We see the start of something big. At Robertson, we see challenges, opportunities, and solutions our way. We are bold enough to ask questions, brave enough to look at things differently, and confident enough to be ourselves. Join us and you'll be part of the UK's largest family-owned construction, infrastructure, and support services business. As Information Security Manager, you'll be part of a team that's doing incredible things for ourselves, for the built environment around us, and for a truly sustainable future.

The Information Security Manager will champion the Robertson IT and Information Security initiative across all Robertson companies to assure the security of our operations, data, and technologies and that they align with and meet specific security standards and frameworks. This role is critical in maintaining Robertson's reputation for excellence and sustainability across all aspects of the business. The postholder will engage with a wide range of employees from different backgrounds and who have different levels of technical competencies.

• Develop and deliver the Information Security, Information Management and Business Defence Strategies across Robertson.
• Project manage the implementation of ISO 27001 across Robertson businesses and lead the day-to-day management and ongoing improvement of the Robertson Information Security Management System.
• Lead the Information Security Risk Management Committee, conducting risk assessments with the team, identifying controls and processes where improvements are required and escalate strategic risks to the Board as necessary.
• Work with the Data Protection Advisor and Robertson businesses to continually improve compliance with UK data protection legislation as well as with our agreed contractual obligations.
• Develop a culture of security and data protection awareness across all Robertson businesses by ongoing communication and provision of appropriate and relevant training to all employees.
• Provide guidance across the company for all security requirements in complex IT environments.
• Manage the ongoing reporting of IT Security, Information Security and Data Protection Compliance to managers and Executives.
• Collaborate closely with the Robertson businesses to understand their operations and security needs/expectations. Foster a culture of shared responsibility and compliance with data protection and risk management. Provide ongoing support to ensure that Robertson Security standards are continuously met.
• Develop and deliver a risk-based audit schedule deploying internal and external auditors as appropriate to assess the standard of information and IT security across Robertson to meet the requirements of ISO 27001, PCI DSS, NIST 800-53 and Cyber Essentials Plus.
• Answer security questionnaires, assist in bid responses and develop cyber security plans as part of contract execution.
• Work with Procurement teams to deliver a robust third-party risk management framework which incorporates information and IT security.
• Incident management: respond swiftly to all incidents ensuring that an appropriate response is put in place. Carry out incident reviews where appropriate, document action plans and ensure lessons learned are shared with the IT community.
• Lead the review and enhancement of policies, procedures, forms and guidance in IT and Information Security, Risk management, Training, Data protection etc. to ensure continuous improvement.
• Publicise, advertise and evangelise IT and Information Security across Robertson.

• To be an experienced Information, IT and Cyber security professional.
• Previous responsibilities for developing, implementing and monitoring IT, Information and Cyber risk and security strategies within large and complex organisations.
• Proven track record of delivering cost-effective solutions to protect corporate assets and experience of achieving compliance against industry security standards such as ISO27001, PCI-DSS, NIST 800 Series.
• Demonstrable experience in Security Risk management.
• Leadership experience with ability to mentor a team and to drive IT, Information and Cybersecurity awareness across an organisation.
• In-depth level of technical security knowledge including a broad awareness of emerging threats and trends.
• Relevant security qualification e.g.: CISSP/CRISC/CISM/CISA etc.
• Excellent communications and influencing skills, capable of engaging with a range of stakeholders on complex security issues to ensure change is adopted and sustained.
• ITIL Certified and trained.
• Prince 2 Project Management or equivalent.
• Experienced auditor; Lead auditor preferred.
• Knowledge and experience of data protection laws and regulations and of implementation of a Personal Information Management system.
• Degree level or able to demonstrate the appropriate experience within an equivalent role.

Our principles are our roadmap to achieving positive outcomes and delivering on our purpose. They influence daily decisions around what we do and how we do things, creating an environment of growth, innovation and high performance.

• We listen: Listening enables us to work positively and collaboratively, and gives customers, partners and colleagues the assurance that their voices are always heard.
• We are professional: Our mix of prudence and diligence, care and attention to detail means that our customers have certainty and assurance in everything we do and trust us to deliver.
• We take responsibility: Each of us is accountable for what we do. From the smallest detail to team safety and caring for our communities and the environment, we know that everything matters.
• We are determined to succeed: Every challenge is an opportunity. We work collaboratively and focus on safety, productivity and quality to find solutions we can be proud of and that provide a positive, lasting benefit.
• We are one team: We work as one - in our teams and partnerships, and with our customers. We respect each contribution, and everyone stands up to be counted. We are Team Robertson.

• 33 days annual leave (pro-rata for part time or FTC positions, increases with length of service)
• Salary Sacrifice Pension Scheme
• Life Assurance
• Cycle to Work Scheme
• Discounts (gym memberships, restaurants, days out etc.) with Hapi Rewards App
• Access to E-Learning

When it comes to diversity and inclusion, we see things differently at Robertson. That's why we're working hard to create an environment where everyone can feel welcome, and where we can all be ourselves. We encourage applications from people of all races, ages, genders, religions, sexual orientations and more - so whoever you are, we hope you'll see things our way, too.

If you've got what it takes to look at things differently, to find new perspectives, and to discover the extraordinary within the ordinary, we love to meet you. To apply for this role and to start seeing things our way, submit your CV. This role will be subject to pre-employment screening, including references. The level of screening may vary depending on role responsibilities and will be discussed at interview.