Information Security Manager
Redditch, England, United Kingdom
Arcus are recruiting for an Information Security Manager to be responsible for leading, implementing and managing the Information Security Management System, while building a new Information Security risk management process and integrating it into the wider Arcus risk management model.
Responsibilities
As the Information Security Manager, you will work with the IT teams to govern day-to-day information security compliance, e.g. Malware Protection, Security Incidents, Intrusion Detection Systems and Patch management compliance. Other duties include:
Conceptualise and implement an ISO 27001:2013 and GDPR compliant management system.
Manage the IT Security workstream of initiatives, in order to improve information security within the organisation
Integrate the new ISMS into the current Arcus Integrated Management System working with the Audit & Governance team.
Draft and implement Information Security policies throughout the group.
Collaborate with key stakeholders and business owners for relevant disciplines, i.e. HR, IT, Audit & Governance, etc.
Provide expert advice and assurance on Information Security related activities to key personnel within the business, including the Board.
Innovate and introduce new practices, including technology recommendations for Information Security based on industry good practice.
In conjunction with the Audit & Governance team, conduct internal audits of the business functions with the criteria being: the Arcus management system, industry practice, applicable standards and legislation, and ISO 27001:2013.
Build and maintain strong relationships with internal personnel and relevant certification, registration and regulatory bodies.
Create and lead the ongoing awareness and training campaign for Information Security for all Arcus personnel working at all levels, delivering group training sessions where necessary.
Manage security incidents to closure
Collaborate on IT risk management
Coordinate the regular internal and external audit activities including organising participants and managing resulting actions
Manage internal Security communications program
Compile and manage group-wide security and compliance metrics reporting
Work with business and technical functions to align policy to practice and vice versa
Qualifications
The successful candidate will have a demonstrable track record of administering security in Server, Desktop and Network environments, and technical experience of malware protection and data protection technologies. Other requirements include:
Project Management, or project lead experience
Experience implementing and managing an ISO 27001:2013 certified management system.
Expert and proven working knowledge of ISO 27001:2013 and GDPR.
Strong knowledge of current Information Security threats and trends.
Experience working in a multi-client environment.
Exceptional communicator to all levels of the organisation.
Experience of training personnel with different competencies.
Able to work in a fast-paced, challenging environment independently.
Strong stakeholder management and organisation skills.
Agile approach to working.
Experience of project management.
Certified Information Security Manager (CISM) qualification is desirable.
ISO 27001:2013 or ISO 9001:2015 internal audit qualification is desirable.
PRINCE2 Foundation / Practitioner is desirable.
Knowledge of ISO 9001:2015 is desirable.
Benefits of Working at Arcus:
Salary: £58,000 - £63,000
Up to 10% discretionary bonus scheme, subject to achievement of targets
Car allowance £5,549
25 days annual leave + Bank Holidays
Contributory pension scheme of matched contributions between 5% and 6%
Life Assurance
Salary Sacrifice Electronic Vehicle Scheme