Information Security & Data Protection Manager
- Recruiter: Michael Page Legal
- Location: England, Buckinghamshire, High Wycombe
- Salary: Negotiable
- Posted: 19 Nov 2019
- Closes: 17 Dec 2019
- Ref: 14052476/001
- Contact: Heather Ninnes
- Job Title: Risk and Compliance
- Practice Area: Information Technology
- Contract Type: Permanent
- Hours: Full Time
This Information Security & Data Protection Manager role is based in High Wycombe and supports both a technology lawyer and a CISO, covering ISO27001 and GDPR. Join a growing software business that offers plenty of opportunities to progress.
Client Details
This Information Security & Data Protection Manager role is based in High Wycombe. The business is growing and currently employs 300 people. It operates internationally and, with over 2000 customers, is very profitable.
Description
This Information Security & Data Protection Manager role involves:
You'll be responsible for operational compliance of the information security functions within the business. You'll conduct internal compliance training, liaise with customers and suppliers, audit controls and develop and oversee control systems within set policies and frameworks. Your goal is to deliver a secure and reliable service to the business through adherence to all governance, quality and security standards.
- Managing Information Security Management System
- Conducting audits, evaluating, gathering and producing supporting evidence
- Liaising and meeting with customers, prospective customers and suppliers regarding any information security queries and issues
- Ensuring new and existing employees are fully aware of, and comply with, company information security systems and policies
- Working with Legal to manage ongoing GDPR and privacy compliance
Principal Responsibilities
Information Security System
- Carry out security, business continuity and privacy risk assessments
- Plan, exercise and test BCP response plans
- Develop and progress company objectives
- Manage and report on the continuous improvement log and security incidents
- Management and Leadership of the Information Security function
- Work closely with colleagues within all parts of the business and facilitate the Information Security Team
- Manage the information security architecture service
- Manage the response to security incidents
- Take part in a team rota to provide out of hours cover for critical events to key systems
ISO Standards and GDPR
- Maintain all ISO policy documentation for the business
- Ensure compliance of InfoSec policies and GDPR regulation across the business
- Keep updated with all legislative changes and ICO updates
- Ensure our ACL policy is adhered to across the business.
- Work with colleagues within the data, knowledge and information management team to protect and govern information through an information lifecycle governance framework and maintain the skills required to embed a culture of security awareness.
Audits
- Manage relationships between the company and third party auditors
- Ensure that the company is well prepared for all audits
- Work with all departments to ensure they are prepared and assist them during the audits
- Ensure all documentation is up-to-date before and after audits
- Provide risk management and assurance to the Senior Information Risk Owner (SIRO) and the Audit and Risk committee on cyber security
Customer and Suppliers
- Co-ordinating with relevant parts of the business to complete customer or prospect information security questionnaires and RFPs in relation to InfoSec
- Attending customer meetings where InfoSec guidance and knowledge is required
- Carrying out InfoSec risk assessments of suppliers
- Ensuring that all suppliers comply with our InfoSec standards and GDPR legislation
- Own on-boarding process for all new employees relating to InfoSec, BCP and GDPR awareness
- Delivery of a continuous compliance training and awareness programme
- Identifying training and awareness needs where appropriate
Profile
This Information Security & Data Protection Manager role requires:
Essential Skills
Extensive knowledge and experience of ISO27001 (InfoSec), ISO22301 (BCP) and GDPR
Degree level, diploma or equivalent education preferred.
Extensive experience of data collection, analysis and reporting
Ability to hold training courses for instruction of employees and ensure understanding of relevance to job roles.
Experience in addressing misuse of systems with employees
Competencies
You will be articulate, with excellent communication skills, able to listen and provide answers
You'll have a deeply analytical mindset and a keen interest in problem solving and performance analysis
You'll be process oriented, with a balanced understanding of how process should be ordered towards serving business outcomes
Job Offer
Competitive package, please enquire