Job Description
We are seeking an experienced Information Security professional to join our organization and be responsible for defining and embedding best practice information security policies, standards, and processes based on ISO 27001.
This role will maintain our ISO 27001 certification, provide security architecture advice and guidance to technical teams, and manage and deliver new information security programs.
* Responsibilities include governance, risk, and compliance leadership on compliance reviews, certifications, and accreditations (e.g. ISO 27001, GDPR, third-party supplier & client etc.).
* Complete security threat and risk assessments, monitor the risk treatment plan, and perform security assessments/reviews on complex information systems.
* Implement relevant Governance, Risk, and Compliance (GRC) controls and measures to protect systems and data.
* Verify that current digital solutions and processes are in line with current policies and modern secure technologies.
* Enhance existing and create new information security policies, standards, and guidelines.
* Contribute to the development of digital strategies to address information security risks.
* Work with business, internal IT, and third-party vendor teams to promote and adopt security best practices.
* Provide information security support to current and future IT projects.
* Manage Information Security Audits within the scope of the ISMS and from our own Internal Audit team, clients, and third parties.
Information Security Management
* Project manage and deliver core information security projects to support transformation programs and manage the information security 'business as usual' activities.
Security Awareness
* Manage the development of Information Security Awareness programs and in-house security awareness training and security communications.
Technical
* Carry out security architecture reviews to ensure defense in depth and security by design are implemented and, where required, to support privacy by design.