About the role
Role
The Information/Cyber Security Manager will be the process owner for all ongoing activities that provide appropriate access to, and protect the confidentiality and integrity of, customer, employee, and business information in compliance with the Company’s information security policies and standards.
They will act as a facilitator to liaise and gather information from all staff who have designated information security responsibilities (HR, Facilities; IT staff e.g. service desk; system development).
The individual must also have good communication skills and the ability to present information in business terms.
Responsibilities
Develop and implement comprehensive cyber security strategies, policies, and procedures to safeguard the organisation's digital assets.
Assess the current security posture and identify vulnerabilities and risks. Conduct regular security audits and penetration testing to ensure the effectiveness of security controls.
Stay up to date with the latest cyber threats and trends and develop proactive measures to mitigate potential risks.
Manage a team of cyber security specialists, providing guidance, training, and support to ensure the highest level of performance and expertise.
Collaborate with cross-functional teams to integrate security measures into the organisation's infrastructure, applications, and processes.
Implement and oversee incident response procedures and manage the resolution of security incidents, conducting thorough investigations and implementing corrective actions.
Monitor security events and alerts and respond to and investigate any suspicious activities.
Conduct regular security awareness training programs for employees to promote a security-conscious culture.
Stay informed about industry best practices and emerging technologies to continuously improve the organisation's security posture.
Maintain compliance with relevant regulatory requirements, such as GDPR and HIPAA.
Qualifications and experience
Certifications such as CISSP and/or CISM
Proven experience with security frameworks and standards, such as ISO 27001, ITIL, or CIS Controls
Proven experience of at least 5 years in cyber security management or a similar role.
Strong knowledge of information security fundamentals and best practices
Familiarity with security tools and technologies, such as SIEM, IDS/IPS, PAM, firewalls, antivirus software, and encryption mechanisms.
Knowledge of cloud security concepts and technologies, such as AWS or Azure
Knowledge of best practice standards for Information Security (COBIT; Government’s Cyber Security Strategy – CAF – Cyber Assessment Framework; NCSC (UK’s National Cyber Security Centre) guidance)
Awareness of financial regulations in respect of information/cyber security guidance
Demonstrated analysis, planning, research and creative problem-solving skills
Well-developed oral communication and presentation skills
Effective writing skills and experience in policy writing