Reports to: Information Lifecycle and Certification Lead
Job Title: Information Assurance Manager
Direct Reports: N/A
Location: London (including UK&I travel)
OVERVIEW OF ROLE:
Information Assurance and Business Technology is part of the Regional Operations Management team and acts as custodian for a number of key certifications among client and service teams that support the UKI business.
The Information Assurance Manager is responsible for supporting the provision and effective management of all external certifications and third party scorecards as well as the operational and strategic delivery of the ISMS and IMS in UK&I. In addition, the role will provide support to critical Records and Information Management systems and processes.
MAIN JOB RESPONSIBILITIES:
Operational responsibilities
1. Manage and deliver all practices put in place to support the Integrated Management System (IMS) strategy to ensure continued ISO certifications for ISO 9001 (Quality) and ISO 14001 (Environmental) to the current scope.
2. Support the operational delivery of the UKI Information Security Management System (ISMS) to ensure continued certification to ISO 27001 for all UK offices and coworking locations within scope.
3. Work alongside the Information Certification Senior Manager to undertake planning, management and delivery of all UKI external certifications and third party scorecards. This includes, but is not limited to, Achilles, EcoVadis, Cyber Essentials, FSQS and Risk Ledger.
4. Work with the Information Assurance Programme and Delivery Lead to maintain the Information Governance Framework and provide support during periods of absence with critical UKI Records Management systems such as the GRS and RE-REQ.
5. Provide subject matter expertise to the team on technical and operational IMS and ISMS documentation.
6. Undertake onsite and remote IMS internal audits in accordance with the IMS internal audit plan.
7. Provide a monthly IMS dashboard reporting on internal, external and third party audits/inspections.
8. Maintain the IMS systems including intranet pages, document and records registers, the online legislation register, the shared storage space on servers and the Continual Improvements Reports Database (CIRD).
9. Ensure IMS and ISMS risks are identified and control measures are in place.
10. Responsible for identifying & delivering relevant IMS and ISMS training.
11. Chair (or participate in) team and service partner meetings as appropriate.
12. Chair IMS management meetings as appropriate.
13. Ensure best practice and external knowledge is maintained and shared with key stakeholders. Apply best practice techniques as appropriate.
14. Promote quality achievement, environmental management and health & safety compliance to CBS and AWS senior leadership.
15. Support the Workplace Services team in IMS-related activities including, but not limited to, environmental monitoring, management of utilities, elimination/reduction/recycling initiatives and reporting.
16. Ensure that processes needed for the IMS and ISMS are maintained in accordance with the requirements of EY, ISO standards and legal and other requirements.
17. Report to CBS Senior Management on the performance of the IMS and any need for improvement.
18. Ensure the promotion of awareness of customer requirements throughout EY.
19. Support the Head of Workplace Operations in delivering their responsibilities where applicable.
20. Fully support the implementation and ongoing requirements of EY ISO standards. Ensure all areas are compliant with its policies and procedures, and where appropriate, actively contribute to continuous improvement programmes.
21. Support the Information Certification Senior Manager in periods of absence and together ensure there is a coordinated strategy in relation to the audit schedule.
22. Support the Information Lifecycle and Certification Director in delivering their responsibilities where applicable.
Management Representative Responsibilities
23. Ensuring that processes needed for the Integrated Management System and Information Security Management System are established, implemented and maintained in accordance with the requirements of EY, ISO standards and legal and other requirements.
24. Reporting to senior management on the performance of the Integrated Management System and Information Security Management System and any need for improvement.
25. Ensuring the promotion of awareness of customer requirements throughout EY.
Work with key stakeholders (Enterprise Risk, QRM and Workplace Services Management) to:
26. Develop, manage and maintain an IMS internal/external audit programme.
27. Co-ordinate and undertake audit activities to assess the effectiveness of, and compliance with, ISO 9001 and ISO 14001 standards and IMS process requirements.
28. Formulate and manage the implementation and tracking of IMS goals, objectives, policies, procedures and systems pertaining to IMS, ensuring targets are achieved.
29. Ensure compliance with relevant legislation and safe systems of work for all operations and supply chain extending to both project and day to day activities.
General
30. Fully support the ongoing requirements of EY’s ISO 9001, ISO 14001 and ISO 27001 standards. Ensure all areas are compliant with its policies and procedures, and where appropriate, actively drive continuous improvement of the IMS and ISMS.
KEY ATTRIBUTES:
31. Self-starter.
32. Ability to operate calmly under pressure and manage competing priorities.
33. Strong customer focus.
34. Strong personal awareness and credibility.
35. Strong communication skills (oral/written).
36. Strong relationship management skills.
37. Appreciation of business administration and financial planning & budgeting.
38. Understanding of continuous improvement methodologies.
39. Enthusiastic, committed and determined.
40. IT literate.
41. Eye for detail.
GENERAL EXPERIENCE:
General (essential)
42. Relevant experience managing an Integrated Management System (IMS) for a large organisation with multiple sites of comparable size and complexity.
43. Good track record in all areas of IMS management systems certified to ISO 9001 and ISO 14001 through an approved UKAS accreditation body.
44. Experience of leading and supporting a team of auditors.
General (desirable)
45. Experience of developing, implementing, maintaining and auditing other Management Systems such as Energy Management (ISO 50001), Information Security (ISO 27001) and Health & Safety (18001).
Professional Membership/Qualifications
46. Qualified Lead Auditor – QMS (ISO 9001) and EMS (ISO 14001) essential.
47. Qualified Lead Implementer – ISO 27001 – desirable.
48. IOSH or Relevant qualification (NEBOSH) desirable.
49. Associate or Member of Chartered Quality Institute desirable.
50. Registered with International Registrar of Certificated Auditors (IRCA) for any or all: QMS, EMS, EnMS, ISMS desirable.
Statutory Compliance
51. Good understanding of statutory compliance (Quality, Environmental, Energy, Security and Health & Safety) and current legislation.