Information Security & Data Protection Manager

Location
England, Buckinghamshire, High Wycombe
Salary
Negotiable
Posted
19 Nov 2019
Closes
17 Dec 2019
Ref
14052476/001
Contact
Heather Ninnes
Practice Area
Information Technology
PQE Level
2-4, 5-7, 8-10
Contract Type
Permanent
Hours
Full Time

This Information Security & Data Protection Manager role is based in High Wycombe and supports both a technology lawyer and a CISO, covering ISO27001 and GDPR. Join a growing software business that offers plenty of opportunities to progress.

Client Details

This Information Security & Data Protection Manager role is based in High Wycombe. The business is growing and currently employs 300 people; it operates internationally, has over 2000 customers and is very profitable.

Description

This Information Security & Data Protection Manager role involves:

You'll be responsible for operational compliance of the information security functions within the business. You'll conduct internal compliance training, liaise with customers and suppliers, audit controls and develop and oversee control systems within set policies and frameworks. Your goal is to deliver a secure and reliable service to the business through adherence to all governance, quality and security standards.

  • Managing the Information Security Management System
  • Conducting audits, evaluating, gathering and producing supporting evidence
  • Liaising and meeting with customers, prospective customers and suppliers regarding any information security queries and issues
  • Ensuring new and existing employees are fully aware of, and comply with, company information security systems and policies
  • Working with Legal to manage ongoing GDPR and privacy compliance

Principal Responsibilities

Information Security System

  • Carry out security, business continuity and privacy risk assessments
  • Plan, exercise and test BCP response plans
  • Develop and progress company objectives
  • Manage and report on the continuous improvement log and security incidents
  • Manage and lead the Information Security function
  • Work closely with colleagues within all parts of the business and facilitate the Information Security Team
  • Manage the information security architecture service
  • Manage the response to security incidents
  • Take part in a team rota to provide out-of-hours cover for critical events to key systems

ISO Standards and GDPR

  • Maintain all ISO policy documentation for the business
  • Ensure compliance with InfoSec policies and the GDPR across the business
  • Keep up to date with all legislative changes and ICO updates
  • Ensure our ACL policy is adhered to across the business
  • Work with colleagues within the data, knowledge and information management team to protect and govern information through an information lifecycle governance framework, and maintain the skills required to embed a culture of security awareness

Audits

  • Manage relationships between the company and third-party auditors
  • Ensure that the company is well prepared for all audits
  • Work with all departments to ensure they are prepared, and assist them during the audits
  • Ensure all documentation is up to date before and after audits
  • Provide risk management and assurance on cyber security to the Senior Information Risk Owner (SIRO) and the Audit and Risk Committee

Customer and Suppliers

  • Co-ordinating with relevant parts of the business to complete customer or prospect information security questionnaires and RFPs in relation to InfoSec
  • Attending customer meetings where InfoSec guidance and knowledge is required
  • Carrying out InfoSec risk assessments of suppliers
  • Ensuring that all suppliers comply with our InfoSec standards and the GDPR
  • Owning the on-boarding process for all new employees relating to InfoSec, BCP and GDPR awareness
  • Delivering a continuous compliance training and awareness programme
  • Identifying training and awareness needs where appropriate

Profile

This Information Security & Data Protection Manager role requires:

Essential Skills

  • Extensive knowledge and experience of ISO27001 (InfoSec), ISO22301 (BCP) and GDPR
  • Degree level, diploma or equivalent education preferred
  • Extensive experience of data collection, analysis and reporting
  • Ability to hold training courses for instruction of employees and ensure understanding of relevance to job roles
  • Experience in addressing misuse of systems with employees

Competencies

  • You will be articulate, with excellent communication skills, able to listen and provide answers
  • You'll have a deeply analytical mindset and a keen interest in problem solving and performance analysis
  • You'll be process oriented, with a balanced understanding of how process should be ordered towards serving business outcomes

Job Offer

Competitive package, please enquire