Location: Based in Cheadle, hybrid role (2 WFH, 3 in offices)
Job Type: Full Time
Reports To: Director of Governance Risk and Compliance
Job Summary:
We are seeking an experienced and highly skilled Information Security Manager to join our team and ensure the confidentiality, integrity, and availability of our organization’s information and technology assets. The ideal candidate will be responsible for developing, implementing, monitoring, and maintaining robust security programs, policies, and controls to protect the company’s data and systems from internal and external threats. This role requires a strong understanding of security frameworks, risk management, and compliance regulations.
Key Responsibilities:
1. Develop, implement, and maintain the organization’s information security strategy, policies, and procedures.
2. Identify, evaluate, and address potential security risks to the organization’s networks, systems, and data.
3. Lead the implementation of security tools and technologies to monitor and protect against vulnerabilities, threats, and attacks.
4. Conduct and review regular risk assessments, vulnerability scans, and security audits to ensure the ongoing safety of organizational assets.
5. Ensure compliance with applicable data protection regulations, industry standards, and internal policies (e.g., GDPR, HIPAA, NIST, ISO 27001).
6. Collaborate with IT and other departments to design and implement secure systems, networks, and applications.
7. Investigate and respond to security incidents, breaches, and vulnerabilities, coordinating with appropriate teams to mitigate damage.
8. Provide regular monitoring of environments, highlighting alerts and potential incidents.
9. Provide security awareness training and guidance to employees to foster a culture of security across the organization.
10. Stay up to date with the latest security trends, emerging threats, and best practices to maintain a proactive security posture.
11. Prepare and deliver regular security reports to senior management, including risk analysis, threat assessments, and incident response activities.
Qualifications:
1. Degree-level qualifications in Information Technology, Cybersecurity, or a related field.
2. Minimum of 3 years of experience in information security, with a proven track record of managing security programs and teams.
3. Strong knowledge of security frameworks and standards, such as NIST, ISO 27001, Center for Internet Security (CIS), and SOC 2.
4. Experience with risk management, incident response, and disaster recovery planning.
5. Expertise in security tools and technologies such as firewalls, encryption, intrusion detection/prevention systems, and endpoint security.
6. In-depth understanding of security protocols, threat intelligence, and security architecture.
7. Strong analytical and problem-solving skills, with the ability to make data-driven decisions.
8. Excellent communication and interpersonal skills, with the ability to collaborate effectively across teams and with senior leadership.
9. Certifications such as CISSP, CISM, CISA, or similar are highly preferred.
Desired Skills:
1. Familiarity with cloud security principles and tools (e.g., AWS, Azure).
2. Experience with penetration testing and ethical hacking.
3. Ability to manage security budgets and vendor relationships.
4. Experience with IT governance and compliance frameworks (e.g., ISO 27001, SOX, PCI DSS).
Opportunities for professional development and certifications. A dynamic and collaborative work environment.