Information Security Assurance Manager

The Information Security Assurance Manager is responsible for maintaining and maturing the university's Information Security Management System (ISMS) in alignment with ISO/IEC 27001:2022 and related standards, such as ISO 9001, ISO 27005 and ISO 31000. The role oversees the effective operation and continual improvement of the ISMS, including the expansion of its scope across additional faculties, services, and operational areas where appropriate, with an ultimate goal of implementing an integrated management system for the university. The postholder will lead a team, providing expert guidance on information security governance, risk management, compliance, and assurance, while working closely with university stakeholders to embed robust security practices. This role is based within the IT Assurance team at King's Service Centre in Cornwall, however, there will be some need to travel to the London campuses., * Maintain, continually improve, and expand the university's ISO 27001 certification.

• Chair management review meetings and maintain the continual improvement log, ensuring all actions are logged, prioritised, and appropriately progressed.
• Conduct fieldwork for internal audits, working from the annual plan, to keep the timescales for completion on track.
• Create and present reports to the relevant management teams following audits, including recommendations for improvements where necessary.
• Contribute to the improvement of information security culture across the university by building relationships and supporting best practice through recommendations.
• Be the main point of contact for surveillance and certification audits of the ISMS.
• Work towards an integrated management system, incorporating other ISO standards and best practice as appropriate.

The above list of responsibilities is not exhaustive, and the post holder will be required to undertake such tasks and responsibilities as may be reasonable expected within the scope and grading of this post.

Do you have experience in Quality management?, The role holder will have in-depth knowledge of information security management systems (ISMS), including their design, implementation, operation, and continual improvement, ideally within a complex higher education environment. They will demonstrate a strong understanding of relevant international standards, particularly ISO/IEC 27001:2022, ISO/IEC 27002:2022, and ISO/IEC 27005:2022, and how these can be applied pragmatically to support institutional governance, assurance, and risk management while enabling teaching, research, and professional services activity.

Professional information security certifications, such as ISO/IEC 27001 Lead Implementer or Lead Auditor, CISSP, CISM, or an equivalent qualification will be held, and they will have demonstrable experience of expanding the scope of an ISMS or implementing security frameworks across diverse operational, academic, or research environments. Familiarity with data protection requirements, research security considerations, and third-party assurance activities is desirable, including the ability to assess and manage supplier and partner risk.

In addition to strong technical and professional expertise, the postholder will be highly organised, thorough, and attentive to detail, with the ability to work independently and exercise sound professional judgement. They must be an effective communicator, capable of engaging confidently with staff at all levels, including influencing and negotiating outcomes with senior management. A well-developed understanding of risk management is essential, including a practical appreciation of risk appetite and the ability to apply it proportionately to support informed decision-making., * Strong understanding of information security standards and frameworks, particularly ISO/IEC 27001:2022.

• Practical experience of security assurance activities, including internal audits, control assessments, and risk management.
• Strong understanding of information security risk assessment methodologies and treatment planning.
• Experience leading, managing, and developing a small professional team, with the ability to set clear objectives, manage performance, and support professional development.
• Proven ability to work effectively with a wide range of stakeholders, including senior leaders, technical teams, and non-technical staff.
• Strong written and verbal communication skills, with the ability to explain security concepts clearly and pragmatically.
• Ability to manage multiple workstreams, priorities, and deadlines effectively.

Desirable Criteria:

• Experience or detailed understanding of the UK Higher Education system.
• Understanding of service management practices, in particular ITIL4.
• Experience or knowledge of disaster recovery and business continuity planning and scenario testing.
• Experience or knowledge of ISO 9001 Quality Management Systems Standard.
• Experience or knowledge of ISO 31000 Risk Management Standard.
• Experience of budget management.

• Hybrid Working - Minimum of 5 days per month in the office
• 10% Performance related bonus
• 30 Days holiday and maximum of 8 public holidays (pro-rata)
• Sick pay
• 4 Discretionary Christmas Closure Days
• Contributory pension scheme
• Life Assurance cover
• Service time - 3 Volunteer days per year
• Free onsite parking & Bike racks
• Annual leave purchase scheme - up to a maximum of 10 days (subject to national minimum wage requirements)
• Student Discount (access to Totum, Unidays & Student Beans)
• CycleScheme
• TechScheme
• Opportunities for formal training and professional certification
• Free access to Linkedin Learning
• Free access to Future Learn short courses
• Potential for internal promotion and advancement

Equality, diversity & inclusion

We are an inclusive and welcoming employer that encourages a wide range of applicants. We embrace diversity and want everyone to be able to bring their whole selves to work and succeed. This is in line with King's College London (KCL).

About King's Service Centre

King's Service Centre is home to an innovative and forward thinking service team supporting the services of King's College London University. We've brought highly skilled career opportunities to Cornwall since 2015, through recruiting locally, investing in staff training and development, and Apprenticeships. King's Service Centre provides first-line support to the 50,000 strong King's College London community of students, academics, researchers and professional staff - 24 hours a day, 7 days a week, 365 days a year. Support provided includes;

• Estates & Facilities Service Desk
• IT Service Desk
• HR & Payroll Service Desk
• Residences Service Desk
• Student Service's Service Desk
• IT Technical support
• Business Operations

The roles available at King's Service Centre are varied, from Service Desk Analyst and Business Administrator, to Network Engineer or Project Manager.

For all our roles we are open to discussing the possibility of part time work, reduced hours, hybrid working and flexible start and finish times. Unfortunately, we cannot promise to agree to your original request, but we do promise not to judge you for asking and to consider the possibility.     If you require alternative methods of application or screening, you must approach the employer directly to request this as Indeed is not responsible for the employer's application process.