We are working with a global communications organisation that is building out its Information Security team in London. They have recently been accredited with ISO 27001 and Cyber Essentials, so this Manager, who reports to the Director of GRC, will play a vital part in the continuous improvement of their ISMS in order to maintain that status.
The candidate will manage Risk Treatment Plans and maintain Plans of Action and Milestones for those risks, and will assist in the management and delivery of projects across a wide spectrum of initiatives.
- Oversee, evaluate, and support the documentation, validation and assessment of Information Security Management System processes necessary to assure that existing and new information and information processing systems meet the organization's cybersecurity and risk requirements
- Ensure appropriate treatment of risk, compliance, and assurance from internal and external perspectives
- Conduct comprehensive assessments of the management, operational, and technical security controls and control enhancements employed within or inherited by an information and information processing system, assisting the security engineering team to prioritise corrective actions
- Build strong relationships within the organisation to support and enhance a high performing collaborative approach to achieve departmental goals
- Manage the agenda of the Information Security Steering Committee
- Manage the internal audit plan leading to ISO 27001 re-certification
- Lead, coordinate, communicate, integrate, and be accountable for the overall success of the risk management program, ensuring alignment with agency or enterprise priorities
Essential Knowledge and Skills:
- Demonstrable knowledge and previous work experience of risk management processes (e.g., methods for assessing and mitigating risk)
- Demonstrable knowledge and previous work experience of the ISO 27000 family of standards
- Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy
- Proficiency in developing and applying ISO 27001 standards in a critical infrastructure operational environment
- Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means
Desirable Knowledge and Skills:
- Knowledge of the NIST family of standards
- Knowledge of applicable business processes and operations of customer organizations
- Knowledge of specific operational impacts of cybersecurity lapses
- Working understanding of applying ISO 27001 controls in a satellite communications operational environment
- Formal education or qualifications in Information Security preferred (e.g. CISSP)
- ISO 27001 Certified Lead Auditor
- ISO 27001 Certified Lead Implementer
Huntress Search Ltd does not discriminate on the grounds of 'protected characteristics' as defined under the Equality Act and other relevant UK legislation.
Huntress Search Ltd acts as a Recruitment Agency in relation to all Permanent roles and as a Recruitment Business in relation to all Temporary roles.
PLEASE NOTE: We can only consider applications from candidates who have the right to work in the UK.