Security & Risk Manager
Over the last 20 years, Zen Internet has grown from a pioneering ISP into a company that provides the full range of data, voice and hosting services to business and residential customers across the UK.
Included in our numerous awards for providing excellent service to our customers, we've recently been recognised as one of the best companies to work for in the UK.
We now have a brand new opportunity for a Security & Risk Manager to join the business.
Working as an integral part of the Network & Infrastructure (N&I) team, but operating across the whole company, the Security & Risk Manager is responsible for managing, maintaining and improving the information security processes (ISO 27001, PCI-DSS, PSN), testing and governance within Zen.
This high profile role will engage with the wider business and key stakeholders to own and drive forward the continuous improvement of security practices and risk management in Zen and will be accountable to the ISMS Manager for continuing to achieve the highest levels of accreditation and industry standards.
You'll ensure that all areas of the business understand their responsibilities, and have the best possible tools and processes in place to enable and maintain compliance.
The Security & Risk Manager will act as subject matter expert and will work closely with both the N&I teams and the company as a whole. You'll be actively involved in large projects across the company to ensure our products are secure by design, and will also be responsible for staying aware of emerging threats, keeping the organisation aware of them, and providing remediation and IT security management plans.
This role will also have a particular focus on IT Security Audits (internal & with external 3rd parties).
For the right person, this role provides an excellent opportunity to make a real, tangible impact on the organisation, with a view to eventually designing, creating and managing a fully-fledged SOC.
- Previous experience in a similar role, with a strong technical background and a good knowledge of IT security and risk management best practices.
- Experience of, and exposure to, a wide range of security technologies.
- A solid understanding of Risk Management, PCI DSS and ISO 27001:2013 compliance.
- Deep understanding of the Data Protection Act 1998 and the upcoming General Data Protection Regulation (GDPR).
- Strong experience of managing third party suppliers/vendors.
- Ability to establish and maintain relationships in a complex organisation.
- Ability to influence others to promote good working practices or to change opinions in situations where opposing views are held and present outcomes articulately.
- CISSP certification or similar is desirable but not essential.
- Strong understanding of risk assessments, record keeping and risk management.
- Ability to communicate security updates, incidents and training across all levels of the business.
- Previous engagement with 3rd party vendors with regard to any penetration testing, outside training or product consultancy services.