Security Assurance Manager
Security Governance and Compliance Manager
My client, a financial services organisation based in Staines, is currently looking for a Governance and Compliance Manager to join its expanding Security function. This is an exciting time to join them in a newly created role, where you will be leading a small team. Ideally you will have experience working with and setting up control frameworks in line with an ISO 27001/27002 certified environment.
If you are looking for a new challenge within an organisation with significant board-level buy-in, which wholly recognises the importance of security to business success, then please get in touch for more details.
- To develop and manage the key capabilities listed below:
- Awareness Training programme
- Security Policies
- Management & Governance Reporting
- IT controls reviews (including regulatory requirements).
- Vendor Account Management
- Support the identification and understanding of any security event alerts, as part of risk assessment activities.
- Support management of security incidents.
- Responsible for identifying opportunities for improvement and, in some instances, owning the delivery of such improvements.
- Support the Information Security Team on other risk management activities where necessary.
- The ability to build security policy into key projects.
- Strong understanding of third-party supplier security risk.
- Ideally, a good understanding of application security and infrastructure security.
- Ability to manage Business and IT stakeholders
- Good communicator, with the ability to communicate with technical and non-technical stakeholders.
- Excellent track record of risk management delivery.
- Strong vendor management skills and experience of performing structured risk assessments and delivering security guidance
- Strong understanding of, and recent experience of managing, common threats associated with third-party supplier channels.
- In-depth knowledge and experience of the following standards and regulatory requirements:
- ISO 27001 Information Security Management
- ISO 27002 Information Security Code of Practice
- ISO 31000 Risk Management
- PCI DSS
- SOX and/or JSOX
- At least five years' experience in a similar information assurance focused role.
- CISSP is desirable.
- Experience of operating within an ISO 27001 certified environment.
- Experience of ITIL and/or Prince2 would be desirable.
To apply for the role, please send your CV to (see below) or, for more information, call Mary.