Security Assurance Manager

Sanderson Recruitment Plc
50000.00 - 65000.00 GBP Annual + benefits
18 May 2017
24 May 2017
Contract Type
Full Time

Security Governance and Compliance Manager

My client, a financial services organisation based in Staines, is currently looking for a Governance and Compliance Manager to join their expanding Security function. This is an exciting time to join them in a newly created role, where you will be leading a small team. Ideally you will have experience working with and setting up control frameworks in line with an ISO27001/2 certified environment.

If you are looking for a new challenge, within an organisation with significant board-level buy-in that wholly recognises the importance of security to business success, then please get in touch for more details.

The Role

  • To develop and manage the key capabilities listed below:
    • Awareness Training programme
    • Security Policies
    • Management & Governance Reporting
    • IT controls reviews (including regulatory requirements).
    • Vendor Account Management
  • Support the identification and understanding of any security event alerts, as part of risk assessment activities.
  • Support management of security incidents.
  • Responsible for identifying opportunities for improvement and in some instances owning the delivery of introducing such improvements.
  • Support the Information Security Team on other risk management activities where necessary.

Person Specification

  • The ability to build security policy into key projects.
  • Strong understanding of 3rd party supplier security risk
  • Ideally have a good understanding of application security and infrastructure security
  • Ability to manage Business and IT stakeholders
  • Good communicator, with the ability to communicate with technical and non-technical stakeholders.
  • Excellent track record of risk management delivery.
  • Strong vendor management skills and experience of performing structured risk assessments and delivering security guidance
  • Strong understanding, and recent experience of managing common threats associated with 3rd party supplier channels
  • In-depth knowledge and experience of the following regulatory requirements:
    • ISO27001 Information Security Management
    • ISO27002 Information Security Code of Practice
    • ISO 31000 Risk Management
    • PCI DSS
    • ISAE
    • SOX and/or JSOX
  • At least five years' experience in a similar information assurance focused role.
  • CISSP is desirable.
  • Experience of operating within an ISO27001 certified environment
  • Experience of ITIL and/or Prince2 would be desirable.

To apply for the role please send your CV to (see below), or for more information call Mary.