Information Security Manager

  • Category
    Information security & risk - Data / Information security
  • Location
    Edinburgh, City Of Edinburgh

Spring Technology are working in partnership with a market-leading organisation to recruit an Information Security Manager. You will be joining an exciting new team in Edinburgh and heading up the InfoSec strategy for our enterprise client.

This role comes with a highly competitive salary and benefits package!

The Role
You will be joining a FTSE 100 company with a history of leading their market in the UK. As an Information Security Manager you will be providing recommendations on strategy, policy, standards and security controls to the Head of Information Security and the wider business. You will inform and make recommendations as a result of technology change, project proposals or regulatory or legal changes.

The Responsibilities
* Support the Head of Information Security & Cyber Risk Assurance in the execution of their duties and appropriately represent them within the business in providing effective guidance, challenge, assurance and oversight.
* Report and deliver Information Security & Cyber risk assurance/review activity consulting with management to formulate and agree effective solutions to any identified shortfalls.
* Provide input to the continuous development and improvement of the risk review methodology and approach.
* Effectively analyse breaches, incidents, internal and external audit, compliance monitoring and other review findings to determine Information Security and Cyber risk implications.
* Review relevant customer processes and systems where there are changes and provide guidance, recommendations and challenge to business owners on areas for development/improvement.
* Support the design, production and refresh of the risk monitoring universe and the determination of plans to deliver appropriate assurance.
* Undertake quality assurance of the services provided by the Information Security functions across the company via a variety of techniques, including sample checking, analysis of MI and reporting, day-to-day interaction and dialogue with management and formal governance forums.
* Input into governance committees from an IT/Cyber risk compliance perspective, acting as owner for issues where appropriate.
* Oversee the production of monthly detail management information within the team and appropriate commentary that is then fed into management meetings and committees.

The Requirements
* Relevant Information Security and Cyber technical experience, including knowledge and awareness of the regulatory environment and relevant legislation, product administration processes and outsourced service arrangements.
* Proven knowledge and experience of IT Security tools, capabilities and controls.
* Knowledge of Security Testing tools and techniques e.g. Penetration Testing, Infrastructure Scanning, Static Code Review and Web App Scanning tools.
* Proven knowledge and experience in Industry Standards and best practice including the ISO/IEC 27000 series, NIST Cybersecurity Framework etc.
* Proven analytical, audit and investigative skills and judgement and reasoning ability.
* Excellent written and verbal communication skills and the ability to communicate and challenge at all levels.
* Excellent organisation skills, including the ability to work under pressure and meet deadlines.
* Ideally you will be CISP or CISM qualified.

If you are interested in joining an exciting new team within a highly respected FTSE 100 company, please apply now.

To speak to a recruitment expert please contact Bruce Webster