The role
The Information Security Compliance Lead is a key role within the firm’s Security Governance team and is responsible for ensuring security controls are operating effectively and in accordance with both regulatory requirements and client obligations.
The role will identify, report and act upon security control gaps and co-ordinate the response with control owners to help mitigate any threats to the firm and the data it manages.
They will lead the day-to-day management of the ISMS, ensuring records are kept up to date and all governance activities are being performed.
MAIN DUTIES AND RESPONSIBILITIES
The Information Security Team is responsible for ensuring compliance with information security controls, management policies and procedures that are a core component of the firm’s ISO 27001 certification.
The key areas of responsibility are (but are not limited to):
* Conducting compliance audits and reviews to ensure compliance in accordance with ISO27001, and other standards
* Ensuring the continuous embedding of ISO27001 Information Security Management framework and adherence to the standard
* Conducting control testing as part of a continual programme of reviews
* Continually look for ways to improve security processes to better manage the firm’s ISMS and wider security controls
* Supporting the firm’s Cyber Essentials Plus certification and performing regular compliance testing
* Liaise with external and internal auditors engaged in certification, financial and operational audits conducted on the firm
* Supports client audits and acts as subject matter expert for client questionnaires
* Ensures policies and processes are in line with regulatory and client standards
* Agrees risk and audit remediation action plans with appropriate cross-functional owners, ensuring mitigation is completed on time
* Escalates significant risks or risk trends to appropriate leadership
* Manages the internal security assurance audit schedule
* Embeds compliance culture and risk awareness
ABOUT YOU
* Experience of operating, monitoring and implementing security policies, standards and controls across multiple security control frameworks
* Demonstrable understanding of information security controls and technology
* Experience of working with security controls across cloud services
* Experience of managing and auditing ISO27001 ISMS
* Managing external audit activity and supporting internal audits
* Good understanding of risk management
The ideal candidate should have excellent soft skills and understand how to communicate within a large organisation and with staff within the business. Several years’ experience in the security industry is a must and a good breadth of security knowledge is essential.
The following characteristics are essential:
* Service minded
* Ability to deliver in a global organisation with different cultural challenges
* Must have a proactive approach
* Must have a methodical troubleshooting approach
* Initiative and ability to work under time constraints
* The ability to cope with multiple tasks/projects
* Excellent communication and collaboration skills
* Organised and self-motivated
* Genuine passion for Information Security
* Desire to develop (themselves, their colleagues and their capabilities)
Key Relationships
* Client Relationship Managers and Clients
* IT and Security architects, project managers, engineers, analysts
* IT Managers
* Broader Risk and Compliance functions including Internal Audit and Data Privacy