Information Security Manager

The Information Security Manager role:

AlphaSights is looking for a proactive and driven individual to join the IT Engineering team. We are a digital business in which having a robust security posture with regards to all of our IT assets is paramount - continuous uptime and a smooth, secure technology experience is central to our success. The role of the Information Security Manager therefore represents a visible and valued opportunity for the right candidate to have an immediate impact globally

From day one, you will be responsible for defining and embedding best practice information security policies, standards and processes based on ISO 27001, NIST Cyber Security Framework (CSF), Cyber Essentials Plus and SOC 2. You must maintain a positive mindset, and approach your work and the company's IT environments with a real sense of ownership. You also need to have a proactive responsibility to assist in the delivery of secure systems and implement proportionate controls by working with the business, IT teams and 3rd party vendors.  This role will be hands-on; enabling technical teams to make security decisions and provide advice and guidance, ensuring the effective use of common tools and patterns. You will proactively identify anti-patterns to a good security posture and ensure that any issues are remediated in a timely manner.

The IT Engineering team is a fast-growing, motivated group, which allows for a high growth potential and opportunities to distinguish oneself. We are looking for a team member who has already established themselves within the information security community, keen to develop themselves in a hyper growth business, by bringing valuable industry experience and perspectives to bear on our department as we continue to evolve. A successful hire in this position will represent an effective coach and role model within the team, and will be looking to specialise even further in the information security field.

Core responsibilities:

• Implement SOC 2/ISO 27001 framework and Information Security Management System (ISMS). 
• Develop and publish a complete set of corporate Information Security policies and standards and continually monitor the information security controls, KRIs/KPIs and technical landscape of the firm's estate.
• Lead on compliance reviews, responses to diligence questionnaires, certifications, accreditations (e.g. ISO27001, Cyber Essentials, GDPR, SOC 2 etc.). 
• Implement effective and appropriate GRC controls and measures to protect systems and data. 
• Identify, communicate and manage current and emerging security threats with relevant stakeholders. 
• Develop information security compliance frameworks, security policies and procedures, where necessary. 
• Work with business, internal IT and 3rd party vendor teams to promote and adopt security best practices.
• Validate IT infrastructure and other reference architectures for security best practices and recommend changes to enhance security and reduce risks, where applicable.
• Work with Security partners, Managed Security Service Provider (MSSP) to conduct and review regular security assessments (pen tests, vulnerability scans, red v blue etc) of our own infrastructure and that of vendor solutions (SaaS, IaaS providers and MSSP). 
• Promote security awareness by developing and implementing a training programme. Respond to security enquiries from staff and provide security advice as required.
• Investigate suspected and actual security incidents in accordance with the security incident management standard, produce reports with recommendations and ensure any remedial action is taken.
• Understand the impact of emerging security trends, risks, new guidance or standards (internal and external) and security enhancing technologies.
• Facilitate information security governance through the implementation of a hierarchical governance program, including the formation of an information security steering committee or advisory board.
• Create and promote a security champions user group globally to ensure that the firm is protecting itself in all aspects of security.

Requirements:

• You’ve successfully accomplished the accreditation (or renewal) of a security framework for your organisation.
• Comprehensive understanding of Information Security Frameworks (e.g. ISO 27001, NIST, SOC 2, and Cyber Essentials) and Data Protection including GDPR. 
• You’ve ensured that your organisation has completed a penetration/vulnerability test and/or you’ve instigated a red team v blue team scenario to ensure your controls are robust. You’ve also remediated any findings.
• Monitoring and reporting on compliance with security and data protection policies, as well as the enforcement of policies. You’re happy to roll up your sleeves and actually do the work - presenting to senior stakeholders and obtaining buy-in for global security programs.
• Working knowledge of Security Architecture and potential security issues related to PaaS, IaaS, SaaS and understanding of IAM, and Data Loss Prevention in a cloud first environment.
• Knowledge of security technologies such as IDS/IPS; you understand the value of vulnerability scanning and have used EDR/XDR tools extensively.
• You’ve implemented and chaired an IT Risk Steering Committee.
• You’ve represented your firm by helping to answer questions posed in due diligence questionnaires.

Attributes we're looking for:

• Degree qualified and/or MSc Information Security desirable.
• 10+ years in IT with at least 3+ years in a senior Cyber Security role. 
• CISSP, CSSP, CISM, Cybersecurity or similar certifications.  
• ISO 27001 Lead Implementer or Lead Auditor certification.
• Ability to present security topics to a non-technical audience and presenting the business value of security; managing the IT risk register of the firm.
• Results-oriented, user-focused mindset
• Excellent communication skills
• Naturally positive attitude, with the ability to maintain patience and composure under pressure
• Ability to lead and deliver change and contribute to culture change successfully

Please note this is mainly an office based role.

AlphaSights is an equal opportunity employer. Read more about our commitment to DEI here.