Location: West Midlands region
Description: Dynamic, articulate and highly experienced senior Information Security champion required by our market leading technology solutions specialist client.
Salary: to c£65k, negotiable depending on experience, plus benefits
Our client specialises in the provision of a range of office technology products and services including Document Management, Network Support, Cloud Services and Managed Print solutions to an impressive and diverse range of both public and private sector customers throughout the UK. As a result of continued success and a planned programme of strategic growth, they are now seeking to recruit an experienced Information Security Manager to champion information security across all areas of the business and complement their established and professional team.
Reporting to the Group Director, the successful candidate will be the central point of contact for all matters relating to information security and data protection, managing all aspects of the ongoing development of the information security improvement programme as well as the implementation of associated organisational and technical controls, and ensuring continued compliance with relevant standards, laws and regulations. This business-critical role is responsible for ISO27001 and GDPR compliance, and the successful candidate will co-ordinate information assurance activities and liaise with the Senior Information Risk Owner and Information Asset Owners to ensure relevant controls are selected, implemented, reviewed and improved based on the risks to the company’s assets.
As a compliance specialist, you will pro-actively identify and lead initiatives to continually improve information security and maintain compliance with the organisation's policies, leading programmes to improve staff awareness of information security (including knowledge of ISO27001 and GDPR), presenting to senior management on information security governance initiatives and providing KPIs and metrics where applicable. You will be responsible for proactively managing, tracking and resolving risks and will act as the Data Protection Officer for the Group, whilst working closely with the Group IT function to develop operational security capabilities and assisting in the management of security and data incidents.
Other responsibilities for this varied and challenging role will include chairing the Internal Information Security Forum (and associated actions such as updating the ISMS register with forum decisions and relaying and recording minutes and actions of the meetings), coordinating both internal and external audits including ISO27001 and Cyber Essentials to ensure ongoing certification, and managing the ISMS in order to ensure that risks are identified and recorded and that the Risk Treatment Plan is implemented and continually reviewed.
You will also maintain contact with relevant authorities and interest groups as required and ensure that all customer security compliance requirements and associated information security controls are maintained, monitored and improved on an ongoing basis. You will co-ordinate and manage responses to incidents, report on them appropriately, and monitor supplier agreements and contracts to ensure that security requirements are being delivered and maintained.
Acting as the Group Data Protection Officer, you will oversee compliance with Data Protection legislation including GDPR and PECR and will work with all parts of the Group to identify personal data and ensure that processing is carried out in line with legal requirements, that customer data protection compliance requirements are met and maintained, and that supplier data processing agreements are in place and adhered to.
To be considered for this genuinely unique, diverse and exciting opportunity, it is envisaged that the successful candidate will be qualified to degree level or equivalent in a relevant Information Security related discipline and ideally certified in one or more of the following: ISO27001 Lead Auditor, GDPR Practitioner, CISSP, CISM, CISA, SSCP or CISMP. It is essential that you can demonstrate previous experience of working in a security governance role with exposure to operational IT security and comprehensive knowledge of IS standards including ISO27001 and GDPR compliance, and that you are flexible to travel within the UK as required.