Information Security Manager

Hybrid (Reading when required)

Job description

Role purpose
To obtain, maintain, and administer the ISO27001:2013 Accreditation. To support the organization with Internal Audits and Information Security Risk management and ensure our compliance with GDPR.
Key responsibilities
  • Creation and maintenance of the ISMS Manual.
  • Organising and managing Information Security Group meetings, ensuring that the Group operates according to its terms of reference and that actions are completed.
  • Running a schedule of Internal Audits and managing external assessments.
  • Maintaining and achieving external certifications, including ISO27001 and Cyber Essentials certifications.
  • Designing and delivering training on information security and raising awareness of “good” information security practices.
  • Maintaining the information security risk register.
  • Monitoring and maintaining supplier and customer contracts and agreements in relation to Information Security and Data Protection.
  • Maintaining information security policies, keeping policies up to date and developing new policies as required.
  • Assisting in responding to questionnaires and enquiries from clients and prospects on information security standards.
  • Maintaining external documentation on information security practices to provide to clients and assist with tender responses.
  • Reviewing the information security practices of suppliers and third parties to the company.
  • Developing information security due diligence procedures on suppliers.
KPIs and Measures
  • Frequency of Internal Audit
  • Number of Non-Compliance Events
  • Cycle Time: Compliance Correction
  • Percentage of Improvement Opportunities Implemented
Key deliverables
  • Ensuring robust processes are in place to enable compliance with the GDPR and establishment of the information security management framework.
  • Creation of ISMS Manual.
  • Review of all policies and recommendations for improvement.
Key stakeholders
  • Head of IT Operations
  • HR Department
  • CTO
  • COO
  • Company users
  • Legal
Competencies
  • Excellent Administrative skills
  • Excellent Document Writing skills
  • Experience of managing ISO standards
  • Experience with Risk Management principles
  • Experience with delivering Internal Audits
  • Skilled communicator with clear and concise writing ability.
  • Excellent personal time management.
  • Excellent understanding of ISO standards and frameworks.
  • Detailed and practical understanding of good infrastructure design covering security, monitoring, and alerting.
  • Good understanding of GDPR and Information security.
  • Experience with Microsoft SharePoint and Microsoft 365 would be beneficial.
  • Attention to detail.
  • Strong business acumen.
  • Ability to work with little supervision.
  • Adaptable, with a personal willingness to be flexible when the situation demands.
  • Humility.
Education / qualifications
  • A level qualified or equivalent.
  • 5 years of relevant experience.

We really appreciate every interest in our company, but we are able only to reach out to the candidates who match our needs the most. You can always keep in touch with us on LinkedIn, Twitter, and via our website.