INFORMATION SECURITY MANAGER
Net Talent are delighted to have partnered with a real Scottish success story in the facilities management space who have grown consistently throughout their 40-year history.
As they look to consolidate their in-house processes, a need for an Information Security Manager has come about to work alongside the CTO and Head of GRC.
Your role will involve effectively managing cyber risk and information protection. Your key responsibilities include safeguarding the organisation from security threats by identifying risks and creating appropriate risk mitigation strategies. You will provide the leadership team with independent assurance of their cyber risk and information protection position.
You will take charge of providing a specified set of cyber assurance assessments, projects, and initiatives, while also meeting goals related to cyber assurance and compliance. Additionally, you will play a key role in shaping the business's cyber security strategy, encompassing data security, monitoring and reporting, risk and threat assessment, incident response, business continuity, and disaster recovery.
PRINCIPAL TASKS AND RESPONSIBILITIES
- Contribute to and maintain the existing information security risk management framework
- Collaborate with key stakeholders to prioritize technology, process, and people-centric security initiatives
- Support the development of the information security business plan, including audits, tests, and risk assessment activities
- Work closely with key stakeholders to prioritize information security and compliance initiatives
- Conduct security risk assessments and testing to determine risks and make necessary recommendations
- Ensure accountability for implementing data security measures that comply with our policies
- Respond to information security incidents in accordance with relevant standards and processes, ensuring that agreed KPIs are met or exceeded.
- Conduct regular security and data protection compliance audits and tests, taking appropriate action to address any identified risks.
- Assist in the development of the business's disaster recovery and business continuity plan.
- Collaborate with internal departments and external suppliers to identify and mitigate information security risks.
- Initiate, facilitate, and promote activities that enhance information security and data protection awareness across the City and among its suppliers.
- Drive and maintain data protection impact assessments.
- Undertake various information security and compliance-related activities, such as raising awareness, analysing training needs, managing data migrations, enhancing security measures, handling breaches, and responding to data protection-related RFIs.
- Input to and fulfil the development hiring plan for the team, including sourcing, screening, and interviewing
KNOWLEDGE, SKILLS & ABILITIES
- Cyber risk management and information protection experience
- Cyber security essentials
- ISO 27001
- NIST CSF
- Strong Technical Background in Data Classification and Data Loss Prevention
- Experience in information security governance, policy and procedure definition
- Administration of Active Directory, Azure AD, Windows File Services, SharePoint & Office 365
- Implementation of Microsoft Purview and oversight of configuration.
- Strong broad-based technical background (database, web-based application development, infrastructure etc.)