Information Security Manager
We are looking for a talented Information Security Manager to join!
We are looking for a CISSP or CISM certified Information Security Manager to join the Governance, Risk and Compliance Team at Workshare.
As the Information Security Manager you will help Workshare improve its information security posture with respect to delivering products and services to clients.
You will be responsible for performing risk, control and compliance assessments by understanding the key assets and processes, identifying the risks and controls, evaluating the residual risk and suggesting incremental controls, where necessary.
Your role as ISO is to be engaged with the business unit, acting in a consultative way to ensure security policies are being adhered to and incorporated into processes and procedures.
- Conduct Information Security audits internally within the organisation and at Client sites;
- Implement the Information Security Policy and Standards across business unit(s);
- Ensure that appropriate visibility of non-compliance is raised through the issues and risk processes;
- Proactively identify information security deficiencies or opportunities for improvement and facilitate development of pragmatic solutions;
- Provide escalation path for information security issues, incidents and enquiries;
- Engage with clients to help the business achieve its objectives with pre- and post-sales activities (explain our security program, support external audits, support bids/RFI process);
- Support Information Security Assessments for third parties;
- Provide regular, timely reporting on the information security status across the supported business units;
- Perform information security reviews and control compliance assessments;
- Review BU processes and products for policy violation/non-compliance areas;
- Ensure new products/services, applications, new third party or client relationships, etc. have appropriate security controls embedded and that the risks are appropriately addressed;
- Assist business in managing and preventing future incidents and providing incident services as needed.
- Qualified ISO27001 Lead Auditor;
- Qualifications – CISSP or CISM;
- Design and implementation of strategic security assurance programs;
- Background in Security Policy Development, Legal Compliance and security awareness;
- Knowledge of enterprise-level IT security strategy and implementation;
- Experience providing technical security solutions with focus on Information Security risk and governance;
- Demonstrable experience of driving operational implementation of policies and processes across business units, using influencing and security skills;
- Demonstrable experience of working within regulated environments;
- Experience of security awareness training and security Incident Management;
- Understanding of the General Data Protection Regulation;
- Knowledge of security best practice and international standards such as ISO27001;
- Knowledge of secure development processes;
- Knowledge of Cloud and technical security controls;
- Process driven with excellent attention to detail;
- Ability to communicate to and influence senior management;
- Self-motivated with an ability to manage change.
- Up to 28 days’ holiday per year (plus 8 days’ bank holiday).
- Subsidised Gym Membership.
- Free tea, coffee, fruit and treats throughout the week!