Information Security Manager
Role details
Job location
Tech stack
Job description
As the Smartdesc Information Security Manager, you will be working with the Information Security team and technical delivery team to deliver security solutions to our customers.
You will work with Smartdesc customers providing strategic Information Security guidance, support and roadmaps, driving continuous improvement in their security posture. This wil include identifying and overseeing a variety of security projects, including helping our customers to implement security controls, assessing against industry good practice, creating assessment reports to deliver to Senior Leadership Teams and improving organisations security position., * Identifying steps that organisations need to take to improve their security position and supporting them through the process.
- Alignment of good practice frameworks and standards such as Cyber Essentials, NCSC CAF and ISO 27001.
- Ownership or oversight of key Information Security processes and procedures.
- Implementation and ownership of Information Security Risk Management programmes.
- Identifying and managing remediation actions to reduce risks.
- Ownership or oversight of Information Security Policies.
- Development and Implementation of general and role/function specific Information Security Training and Awareness programmes.
- Raising, investigating and managing or supporting IT Security incidents ensuring any necessary follow up actions.
- Providing IT security support to business functions including digital teams, IT infrastructure and IT Service Desk.
- Development and ownership of the Information Security Internal Audit programmes.
- Oversight of rolling programmes of security tests, reviews and audits.
- Writing Information Security reports and delivering the findings to key stakeholders.
Requirements
This role will be customer facing requiring a keen eye for detail and proven ability of delivering Information Security good practice., * Knowledge and experience with technology, security and DP related compliance, legal & regulatory frameworks and standards, including Cyber Essentials, ISO27001, PCI DSS, OWASP, GDPR etc.
- Knowledge and experience of the Microsoft stack. Purview experience is beneficial.
- Ability to demonstrate expert knowledge and understanding of information security good practice.
- Experience in working with technical and non-technical business personnel at various levels, articulating security risks in a manner appropriate to the stakeholders.
- Strong attention to detail.
- Knowledge of Information Security principles and concepts and knowledge of technical security controls.
- A positive can-do attitude and a self-starter who can work under their own initiative.
- Information Security certifications such as CISSP or CISM are beneficial as are Microsoft certifications especially from the SC series such as the SC-400/401.
- Information Security certifications such as CISSP or CISM are beneficial as are Microsoft certifications especially from the SC series such as the SC-400/401.
Benefits & conditions
- Gym membership contribution
- Health Cash Plan
- Increased annual leave with length of service
- Free annual leave on your birthday
- Length of service bonus
- Flexible working hours
- Hybrid working
- Free Will Writing service
- Life Insurance
- And much more!
