Information Security Manager
Liverpool, England, United Kingdom
Applications have closed
The Very Group
About the role
We are looking for an Information Security Manager to join the Information Security Team team.
This role impacts on all areas of the Group, including regulators, customers, all employees, 3rd parties and contractors. It involves being responsible for the implementation of new security defences and the operation of existing in accordance with best practices and company policy.
Key responsibilities will include.
Policy and Security Architecture
- Reviewing, updating and delivering the group wide Information Security risk framework, maintaining and improving the Information Security policy and associated standards and guidelines.
- Protection of the group’s assets (people, physical, informational and IT systems) from identified risk by implementing and gaining assurance on appropriate security controls.
Information Risk Management
- Conducting Information Security Risk Assessments on new business applications, IT changes, and group projects, identifying residual risk and recommending appropriate mitigating action.
- Ensuring security reviews are conducted on relevant 3rd parties and recommending appropriate mitigating action.
Identity and Access Management
- Designing and maintaining effective processes for the governance of access control.
- Management of the IAM / PUAM team.
Security Operations
- Working with the Information Security Operations manager to ensure maintenance and improvements of the Security Operations team to identify potential breaches for further investigation.
- Owning, the Vulnerability Management processes to identify vulnerabilities on IT systems, recommending appropriate mitigating action.
- Arranging for Penetration testing as required
Governance, Risk and Compliance
- Conducting and reporting on IT and Information Security policy assurance.
- Assisting in continuous group wide threat assessments to identify and report on risk appetite position.
- Identifying, tracking and reporting IT and Information Security risk and mitigating options.
- Working with both external and internal auditors to provide information and guidance.
Requirements
What you’ll bring
The successful candidate will bring a broad understanding of the Information Security industry and specifically, a solid understanding of UK regulations and compliance. You will be someone who keeps abreast with information (cyber) security issues, legal and regulatory changes affecting UK financial services, alongside engaging in professional development to maintain professional skills and knowledge essential to the position such as keeping abreast of the latest trends, technologies and threats.
You will also bring with you.
- Experience of contributing and improving the Information Security agenda within a corporate organisation
- Good commercial knowledge with the ability to understand and integrate business and security strategies.
- Good technical understanding of development and operational platforms including the Cloud.
- A thorough understanding of Identity Access Management and Privileged User Account Management (IAM, PUAM)
- Experience with Vulnerability management and the associated controls.
- Deep understanding of Cyber Risk
- Understanding of Threat intelligence and how it can be used to drive business decisions.
- Experience of agile methods of working, threat and risk modelling (STRIDE, DREAD) and experience of the Secure Software Development Lifecycle
Benefits
Some of our benefits
- Flexible, hybrid working model
- £6,500 Flexible benefits allowance to suit your needs
- 30 days holiday + bank holidays
- Bonus potential (performance and business-related)
- Up to 25% discount on Very.co.uk
- Matched pension up to 6%
- More benefits can be found on our career site
How to apply
Please note that the talent acquisition team are managing this vacancy directly, and if successful in securing this role, you may be required to undertake a credit, CIFAS and CRB check.
What happens next?
Our talent acquisition team will be in touch if you’re successful so keep an eye on your emails! We’ll arrange a short call to learn more about you, as well as answer any questions you have. If it feels like we’re a good match, we’ll share your CV with the hiring manager to review, and then be in touch to move to the interview process. Our interview process is tailored to each role and can be in-person and remotely. We will always look to make the adjustments you need to bring your best self to interview.
About us
We’re The Very Group – home to Very.co.uk and a 3,250-strong team of super talented people, all passionate about making good things easily accessible to more people so they can live life well. We combine amazing brands and products with flexible payment options that help people say yes when it matters most.
Equal opportunities
We’re an equal opportunity employer and value diversity at our company. We do not discriminate based on race, religion, colour, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status.
We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Agile Cloud Compliance Governance IAM Pentesting Risk assessment Risk management Threat intelligence Vulnerabilities Vulnerability management
Perks/benefits: Career development Equity Flex hours
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Ethical hacker / Pentester H/F jobs
- Open Information Security Specialist jobs
- Open Senior Cyber Security Engineer jobs
- Open Principal Security Engineer jobs
- Open Product Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Manager Pentest H/F jobs
- Open Cyber Security Specialist jobs
- Open Staff Security Engineer jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Senior Information Security Analyst jobs
- Open Cybersecurity Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Chief Information Security Officer jobs
- Open IT Security Analyst jobs
- Open Cybersecurity Consultant jobs
- Open Consultant SOC / CERT H/F jobs
- Open Security Specialist jobs
- Open Senior Information Security Engineer jobs
- Open Senior Penetration Tester jobs
- Open Cybersecurity Specialist jobs
- Open Security Researcher jobs
- Open Senior Security Architect jobs
- Open Sr. Security Engineer jobs
- Open Security Operations Analyst jobs
- Open CISM-related jobs
- Open ISO 27001-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open Application security-related jobs
- Open Pentesting-related jobs
- Open Agile-related jobs
- Open Vulnerability management-related jobs
- Open GCP-related jobs
- Open SaaS-related jobs
- Open Analytics-related jobs
- Open CISA-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Java-related jobs
- Open Security assessment-related jobs
- Open Security Clearance-related jobs
- Open DevOps-related jobs
- Open Malware-related jobs
- Open IDS-related jobs
- Open EDR-related jobs
- Open CEH-related jobs
- Open Kubernetes-related jobs
- Open Forensics-related jobs