IT/Information Security Manager in Stirling

Overview

Some see chaos. We see the start of something big.

Challenges. Opportunities. Solutions. At Robertson, we see them our way. We’re bold enough to ask questions. Brave enough to look at things differently. Confident enough to be ourselves. Join us and you’ll join the UK’s largest family‑owned construction, infrastructure and support services business. And as Information Security Manager, you’ll be part of a team that’s doing incredible things – for ourselves, for the built environment around us, and for a truly sustainable future.

Your new role

The Information Security Manager will champion the Robertson IT and Information Security initiative across all Robertson companies to assure the security of our operations, data and technologies and that they align with and meet specific security standards and frameworks. This role is critical in maintaining Robertson's reputation for excellence and sustainability across all aspects of the business. The postholder will engage with a wide range of employees from different backgrounds and who have different levels of technical competencies.

DUTIES:

• Develop and deliver the Information Security, Information Management and Business Defence Strategies across Robertson.
• Project manage the implementation of ISO 27001 across Robertson businesses and lead the day-to-day management and ongoing improvement of the Robertson Information Security Management System.
• Lead the Information Security Risk Management Committee, conducting risk assessments with the team, identifying controls and processes where improvements are required and escalating strategic risks to the Board as necessary.
• Work with the Data Protection Advisor and Robertson businesses to continually improve compliance with UK data protection legislation as well as with our agreed contractual obligations.
• Develop a culture of security and data protection awareness across all Robertson businesses by ongoing communication and provision of appropriate and relevant training to all employees.
• Provide guidance across the company for all security requirements in complex IT environments.
• Manage the ongoing reporting of IT Security, Information Security and Data Protection Compliance to managers and Executives.
• Collaborate closely with the Robertson businesses to understand their operations and security needs/expectations.
• Foster a culture of shared responsibility and compliance with data protection and risk management.
• Provide ongoing support to ensure that Robertson Security standards are continuously met.
• Develop and deliver a risk-based audit schedule deploying internal and external auditors as appropriate to assess the standard of information and IT security across Robertson to meet the requirements of ISO 27001, PCI DSS, NIST 800-53 and Cyber Essentials Plus.
• Answer security questionnaires, assist in bid responses and develop cyber security plans as part of contract execution.
• Work with Procurement teams to deliver a robust third‑party risk management framework which incorporates information and IT security.
• Incident management – respond swiftly to all incidents ensuring that an appropriate response is put in place.
• Carry out incident reviews where appropriate, document action plans and ensure lessons learned are shared with the IT community.
• Lead the review and enhancement of policies, procedures, forms and guidance in IT and Information Security, Risk management, Training, Data protection etc. to ensure continuous improvement.
• Publicise, advertise and evangelise IT and Information Security across Robertson.

QUALIFICATIONS/RELEVANT INDUSTRIAL EXPERIENCE:

• To be an experienced Information, IT and Cyber security professional.
• Previous responsibilities for developing, implementing and monitoring IT, Information and Cyber risk and security strategies within large and complex organisations.
• Proven track record of delivering cost effective solutions to protect corporate assets and experience of achieving compliance against industry security standards such as ISO27001, PCI‑DSS, NIST 800 Series.
• Demonstrable experience in Security Risk management.
• Leadership experience with ability to mentor a team and to drive IT, Information and Cybersecurity awareness across an organisation.
• In‑depth level of technical security knowledge including a broad awareness of emerging threats and trends.
• Relevant security qualification e.g.: CISSP/CRISC/CISM/CISA etc.
• Excellent communications and influencing skills, capable of engaging with a range of stakeholders on complex security issues to ensure change is adopted and sustained.
• ITIL Certified and trained.
• Prince 2 Project Management or equivalent.
• Experienced auditor; Lead auditor preferred.
• Knowledge and experience of data protection laws and regulations and of implementation of a Personal Information Management system.
• Degree level or able to demonstrate the appropriate experience within an equivalent role.

Benefits of working with Robertson:

• 33 days annual leave (pro‑rata for part time or FTC positions, increases with length of service)
• Salary Sacrifice Pension Scheme
• Life Assurance
• Cycle to Work Scheme
• Discounts (gym memberships, restaurants, days out etc.) with Hapi Rewards App
• Annual Flu Vaccine
• Access to E‑Learning
• Health & Wellbeing Support
• Life Management & Financial Support

Diversity & Inclusion:

When it comes to diversity and inclusion, we see things differently at Robertson. That’s why we’re working hard to create an environment where everyone can feel welcome, and where we can all be ourselves. We encourage applications from people of all races, ages, genders, religions, sexual orientations and more - so whoever you are, we hope you’ll see things our way, too.

This role will be subject to pre‑employment screening, including references. The level of screening may vary depending on role responsibilities and will be discussed at interview.