Our client, a financial services provider, is a vibrant, inclusive, and innovative place with great ambition, working together within the community. This role will help ensure compliance with industry-standard security practices and regulations, while continuously evaluating and enhancing the organisation's security posture, and will play a pivotal part in minimising risks and protecting assets. You will be positive and driven to work collaboratively; in return, they offer a great benefits package and development opportunities.
Responsibilities of the role:
- Collaborating with senior management to develop and refine the organisation's information security strategy, aligning it with business objectives and regulatory requirements.
- Developing, implementing, and maintaining information & data security policies, standards, guidelines, and procedures to ensure compliance with relevant regulations (e.g. GDPR, PCI DSS) and industry standards such as Cyber Essentials+, ISO 27001 & NIST guidelines.
- Managing the relationship(s) with 3rd party suppliers responsible for implementing and managing security monitoring tools and technologies, ensuring we detect and respond to security threats in a timely manner.
- Developing and delivering security awareness and training programs to educate colleagues about security best practices and ensure compliance with security policies and procedures, e.g. phishing and poster campaigns, USB drop testing.
- Maintaining risk awareness within the role, ensuring relevant controls are implemented and operating effectively, reporting all risk events identified, and escalating risk issues which have the potential to breach the Society's appetite for risk / control environment.
- Evaluating and managing third-party vendors and service providers to ensure they meet the organisation's security requirements and adhere to contractual obligations relating to information security.
Requirements of the Information Security Manager:
- Minimum of 3 years of experience in information security management.
- In-depth knowledge of information security principles, practices, technologies, and standards.
- Knowledge of cybersecurity frameworks and standards compliance.
- Knowledge of data privacy laws and regulations.
- Cloud security best practice and principles.
- Security education and awareness.
- Ability to work under pressure in a regulated environment.