Information Security Manager

Oxford, GB

Applications have closed

FORSEVEN

Our vision is to reimagine the way we manufacture, own and connect with electric vehicles. By doing so, we will build for a better, circular future and lighten our impact on the planet.


Description

Reporting to our Head of IT, you will be responsible for continuing the enhancement and implementation of information security and data processing policies and standards across the organisation and, in particular, for auditing and maintaining ISO27001 processes and accreditation.

Main Responsibilities

As an Information Security Manager, your day-to-day remit includes:

• Acting as the central point of contact within Forseven with regard to information security

• Supporting and managing the Info Sec team

• Providing input into relevant oversight committees of the organisation and senior management

• Supporting the work of the Business Continuity Forum as required

• Ensuring continued compliance against BS ISO/IEC 27001 certification for all Forseven locations, including planning and coordinating regular external surveillance and re-certification audits.

• Planning and implementing extensions to the scope of this and other certification(s) where Forseven changes its scope of operations.

• Managing the client audit process and progressing and closing external audit non-conformities.

• Monitoring and managing the day-to-day information security management system (ISMS).

• Planning, managing and undertaking internal and third-party audits on IT governance, information security and controls.

• Liaising with IT as necessary including providing input into change and transformation activities as required

The Ideal Candidate

You will be able to demonstrate a supportive, flexible and driven ethos and will have accumulated the following experience and skills:

• Proven experience of having managed an information security management system (ISMS) and maintained ISO27001 certification in a multi-site operation.

• Solid understanding of IT and experience in contributing to IT governance, controls and best practice processes.

• Considerable experience in undertaking a range of internal and third-party audits around information security, data protection and IT governance and controls.

• Experience in developing physical security best practice processes and controls.

• Good understanding of the Data Protection Act and EU GDPR.

• Very good understanding of the principles of risk assessment and risk treatment, including operational risk as well as compliance monitoring and reporting.


Tags: Audits Compliance GDPR Governance ISMS ISO 27001 Monitoring Risk assessment Surveillance

Region: Europe
Country: United Kingdom
Category: Leadership Jobs
