Overview

A brand new role is available for an experienced Information Security Manager/Analyst to work for a large organisation in Newcastle Upon Tyne.

The Information Security Manager contributes to the effective protection of the firm against cybercrime and acts as an internal specialist for Information Security, Data Protection and GDPR. The ISM is responsible for the maintenance of ISO27001. The ISM will work with the wider firm to deliver a commercial, pragmatic, effective and risk based approach to activities that provide appropriate access to, and protect the confidentiality, availability and integrity of Client, Staff, and Firm information.

The Role:

  • Responsibility for providing proactive and pragmatic advice as the internal information security expert to the firm.
  • Responsible for the management and maintenance of the Firm’s Information Security Management System in line with the ISO27001 Certification and managing associated external continual assessment visits.
  • Take a proactive approach to mitigating risk by working with stakeholders to maintain and monitor the Firm’s Information Security Risk Register.
  • Engage with stakeholders to implement information security policies and procedures that meet external standards and internal needs of the firm.
  • Chairs, documents and coordinates the activities of the Information Security Committee.
  • Provides direct training and oversight to all staff, partners and or other third parties.
  • Takes the lead and initiates, facilitates, and promotes activities to create Information Security awareness and best practice within the Firm and ongoing awareness and education activities.
  • Manages the Firm’s third party reviews to meet internal standards and in line with ISO27001.
  • Perform Information Security Risk Assessments and Privacy Impact Assessments for the Firm.
  • Support the wider firm on impact assessments, business continuity, disaster recovery and data protection risks.
  • Acts as an Internal Auditor for Information Security Incident issues and manages the Information Security audit plan including identifying areas of good practice, areas for improvement and any training needs.
  • Responsible for managing the Information Security Incident Process and ensuring that any mitigation measures are implemented and reviewed.
  • Proactively advises the Firm of current and emerging cyber threats and provides information about Information Security technologies and related regulatory issues.
  • Key member of the Disaster Recovery and Business Continuity Team
  • Act as the Firm’s Data Protection Officer including coordinating and responding to subject access requests.
  • Works with external consultants on the implementation of GDPR.
  • Responsible for keeping abreast of current and emerging security threats, technologies and legislative changes.
  • Managing the Supplier on-boarding process

The Person:

  • Working knowledge of ISO 27001:2013 & other leading industry standards Knowledge of best practice standards for Information Security and Cyber Security (e.g. Cyber Essentials and Cyber Essentials Plus)
  • Experience in information security management and control and collaborating with stakeholders to mitigate risk while delivering business improvements
  • A broad understanding of information security risks, issues and measures and providing business focused solutions.
  • Comprehensive knowledge of current security management tools/ technologies and the external legislative landscape.
  • Experience of data protection and knowledge of GDPR
  • Demonstrated analysis, planning, research and creative problem solving skills
  • Effective interpersonal, consulting, persuading and negotiation skills across all levels
  • Well-developed oral communication and presentations skills
  • Experience of developing and delivering information security related training programs
  • Effective writing skills and experience in policy writing
  • Desirable, but not essential, knowledgeable on the NHS Information Governance Toolkit.
  • Experience in project management

Qualifications required: Preferably CISM Certified (Certificate in Information Security Management)

Based in Newcastle City Centre, great benefits available including 25 days holiday plus bank holidays, pension scheme, flexible benefits options.

Office hours – Monday to Friday

Salary is negotiable for this role.