Information Security Manager
|Job Type||Permanent Full Time|
|Area||London, United Kingdom|
|Salary||Up to £70,000|
- Our client, car leading car park operator are currently hiring for an Information Security Manager.
The purpose of this position is to stay on top of latest threat actors and continue to develop the security maturity of the business. The information security manager will be responsible for ensuring adherence to relevant Policy, Standards, Legislation and Regulation relating to Information Security management in line with best practice policies and for advising the business on ISO27001 & PCI DSS. This includes providing comprehensive information security advice to the Executive Management team and to all business areas and functions within the business. Particular emphasis is placed upon promoting legal, risk, compliance and corporate governance best practice and ensuring a consistent, pro-active and risk management driven approach across the business
- Advise the business on achieving ISO 27001 certification and developing, maintaining and monitoring compliance with the Information Security policies and associated security standards.
- To provide subject matter expertise for Information Security, Risk & Compliance across the business.
- Drive the continual improvement of Information Security policies and standards, in line with the commercial objectives of the business.
- Be responsible for conducting compliance audits and Gap Analysis.
- Define appropriate risk management and reporting approach.
- Own and maintain the Group’s information asset register.
- Investigate security incidents and taking ownership o incident management.
- Review and approve the information security aspects of the third party supplier onboarding process.
- Coordinate responses to third party queries on NCP’s information security compliance.
- Establish the internal owners of products, networks and systems and keeping those owners aware of their obligations and best practice.
- Manage external compliance and certification efforts as required (e.g. PCI & ISO27001) in close liaison with the DPO and Technology team.
- Coordinate and administer the security education & awareness programme for the business.
KEY KNOWLEDGE / EXPERIENCE AND QUALIFICATIONS
- Relevant industry experience writing policies and undertaking security compliance activities.
- Experience providing Information Security consultancy within a fast moving organization.
- Professional security qualifications and certifications such as MSc, CISSP, CISM or CISA.
- ISO27001 Lead Auditor or Lead Implementer qualification desired.
- Knowledge of the General Data Protection Regulations (DPA 2018) and Payment Card Industry (PCI DSS v.3.1/3.2) and related certification requirements.
- Experience of implementing the key principles of Information Security in a commercial environment.
- The development of IT security principles and best practices.
- Implementation of effective risk analysis techniques aligned to business appetite