Information Security Assurance Manager
Information Security Assurance duties and responsibilities will include:
Our client are seeking the below skills & experience:
- Support security and risk management reporting and risk related actions and follow up.
- Review new and existing supplier and partner contracts and perform regular assurance activities to validate supplier security posture
- Performance of audit related activities internally and externally to the organisation, as well as preparation to receive external audits
- Review design and architectural design documentation and data flow diagrams and provide security requirements and input
- Support IT and Business transformation projects by ensuring they are risk-assessed and controls and security requirements are met through the transformation lifecycle, including compliance requirements such as ISO 27001 and PCI-DSS
- Scope, arrange and support security testing, including penetration testing
- Develop information security processes and procedures alongside business and IT stakeholders and its embedding
- Attend business governance meetings as required representing the Information Security team
The following qualifications, experience and behaviors are essential to this role.
- Several years of Security Engineering/Architectural experience.
- Excellent analytical skills and ability to solve complex problems;
- Excellent communication skills and the ability to clearly and concisely articulate information security risks to business and technical teams;
- Strong interpersonal skills and be approachable for all members of staff;
- Ability to communicate effectively at all levels within the organisation;
- Ability to manage third party security vendors and be involved in the procurement process;
- Experience in Security Governance and Security Assurance;
- Knowledge of ISF, ISO 27001, SOGP, PCI-DSS and GDPR and previous management experience in information security would be great to see.
At least two of the following certifications is required, further training may be given to the right candidate:
- CISSP (ISSAP, ISSEP)
- ISO 27001:2013 Lead/Implementation Auditor.
- Bachelors or master’s degree in computer science, information technology, information security or a related field;
- Previously worked within a large, multinational retail organisation; and
- Previous experience in information security strategy;
- Understanding of SharePoint libraries and publication to intranets.
Please do get in touch for a full detailed job spec.