Information Security and Governance Manager
Role Overview
We are looking for an Information Security and Governance Manager to oversee and enhance our information security management and HIPAA compliance processes. This role will be pivotal in achieving ISO27001 certification, refining our security policies, and ensuring staff are well-informed and trained. Operating in a sensitive sector, this position demands a strong understanding of best security practices and, ideally, expertise in HIPAA compliance.
Key Responsibilities
Develop and maintain the organization's information security policies, standards, procedures, and guidance to achieve and maintain ISO27001 certification.
Plan and execute regular compliance reviews and risk assessments, identifying and mitigating security risks and addressing any gaps.
Ensure the secure implementation and maintenance of cloud-based solutions for storing sensitive data.
Create and deliver a comprehensive security awareness and training program.
Investigate and report on security incidents, recommend improvements, and oversee remedial actions.
Produce regular security reports for senior management and the Board.
Provide advice on security-related inquiries and offer guidance for staff and internal stakeholders.
Collaborate with external suppliers and auditors as needed.
Stay informed on emerging security trends, risks, standards, and technologies.
Qualifications and Experience
Degree in Cyber Security, Information Security, or a related field, or equivalent professional experience.
Proven ability to implement and manage information security management systems and security risks, ideally in a HIPAA-compliant setting.
Strong working knowledge of ISO27001, with experience in HIPAA compliance and/or Cyber Essentials Plus preferred.
Ability to effectively influence and advise on security and information risk matters.
Excellent verbal and written communication skills, adaptable across all levels of the organization.
Strong time management and prioritization skills.
Demonstrated commitment to ongoing learning and professional development.
Desirable Experience
Familiarity with the Data Protection Act, Freedom of Information Act, and related standards or codes of practice.
Professional certifications such as:
CISSP (Certified Information Systems Security Professional)
CISM (Certified Information Security Manager)
ISO27001 Lead Implementer or equivalent
CISA (Certified Information Systems Auditor)