Information Security Manager required by our market-leading, award-winning professional services organisation based in Bristol. This role will be hybrid, with 1-2 days a week onsite in Central Bristol.
The successful Information Security Manager will join our client's InfoSec team in Bristol, who are responsible for identifying and mitigating the major InfoSec risks for the business and ensuring compliance against specific regulatory and best practice standards. The Information Security Manager will work closely with the Head of Information and Cyber Security and in line with ISO27001 certifications and regulatory and client requirements.
- Acting as the deputy for the Head of Information and Cyber Security.
- Continue the enhancement and implementation of information security and data processing policies and standards across the business.
- Act as a point of reference on best practice in relation to IT and IS governance, controls and practices across the business.
- Manage and implement internal, client and external info sec audits.
- Maintain the internal policy and procedure bank.
- Offer training on aspects of information security policy to the business as required.
- Research and evaluate emerging security threats and ways in which to manage or mitigate them.
- Offer advice and guidance to internal stakeholders to ensure best practice is always followed.
- Managing the compliance and vulnerability management platforms for both on-prem and cloud-based assets.
- Managing third party penetration testing including scoping, analysis, remediation planning and tracking.
- Work closely with other members of the Technical and Operational Teams to support various projects across the organisation.
- Keep up to date with current cyber security risks and mitigation techniques.
- Proven experience of having managed an Information Security Management System (ISMS) and maintaining ISO27001 certification in a multi-site operation.
- Solid understanding of IT and experience in developing IT governance, controls and best practice processes in the form of the IT Infrastructure Library (ITIL) and IT service management certification (BS ISO/IEC 20000).
- Experience developing business objectives/governance, risk and compliance (GRC) procedures and dashboards.
- Good understanding of the Data Protection Act and GDPR provisions.
- Proven experience writing policies and procedural documentation for IT systems/requirements.
- Excellent verbal and written communication skills and the ability to interact professionally with a diverse group, partners/directors, managers, staff at all levels, external and internal stakeholders, clients and subject matter experts.
- Experience with cloud environments i.e., Azure and AWS.
- Experience with project engagements, using waterfall and agile methodology.
- An understanding of and experience with vulnerability management, SIEM and malware.
- CISSP security qualification or currently studying for CISSP.
This fantastic role comes with a basic salary of £50,000-60,000 p/a and, on top of the bespoke training package, the following benefits: a performance-related bonus, remote working, annual salary review, 25 days holiday (which will increase to 30 days based upon length of service), private medical insurance, pension and many more.