IT Security & Compliance Manager
Security and Compliance Manager
Do you have proven experience in IT risk management, data security, best practice and compliance?
Do you have a strong awareness of current technology and the threats it exposes in a consumer-led environment?
Do you hold a CISM, CISSP, CISMP or CRISC qualification?
MacGregor Black is currently partnering with a Consumer Goods Business in its search for a Security and Compliance Manager. This is a permanent role based in Windermere.
As the Security and Compliance Manager, you will have accountability for overall IT risk management and for the company's areas of compliance and governance, supporting the security and availability of systems whilst ensuring that data integrity is not compromised.
- Accountability for the production, distribution, embedding and monitoring of adherence to a range of company Information Security policies and procedures. Continually monitor the effectiveness of Information Security policies and promote improvements where necessary, ensuring that policies remain current and relevant and that a structured review process exists.
- Provide expert advice to the wider business on Information Security policies and procedures, and where required conduct training to end users to promote awareness for ensuring Information Security guidance and best practice expectations are met.
- Contribute in a key capacity to all proposed systems and process change, ensuring that no proposed change contravenes any policies, frameworks, best practice or areas of compliance, and that the business risk appetite is understood and managed so that there is no unintended increase in business risk. Alongside the IT Development Manager you will jointly assume a systems and data guardian role in relation to change sign-off.
- Manage 3rd party security and compliance relationships, ensuring that regular structured service reviews are conducted to meet contractual and service expectations and that areas of risk remain monitored and tracked. You will hold accountability for ensuring that annual risk assessments, penetration testing and phishing campaigns are conducted, whilst supporting safe 3rd party on-boarding. You will ensure that our digital footprint remains monitored, with any findings documented, accurately reported and managed.
- Ownership of the IT risk register and the progress to resolution of findings and provide relevant reporting on all areas of risk and compliance suitable for differing audiences from executive to technical.
- Define and perform internal audits in relation to quality, information security and data protection, producing clear and actionable findings and supporting business teams to implement these actions.
- Responsibility for owning and managing annual compliance assessments and IT audits, ensuring timely implementation of all compliance-related audit recommendations so that the company remains compliant in all current areas of compliance, and supporting the introduction of newly required areas of compliance through discovery, implementation and ongoing monitoring.
- Accountability for ensuring that annual Incident Response Planning workshops are conducted and that we build and maintain relevant and robust Business Continuity and Disaster Recovery plans.
- Monitor industry trends and areas of best practice to make recommendations for introduction to the business.
What are we looking for?
- Previous experience in a similar security, compliance and overall governance role where you would have held accountability for Information Security
- Experience of undertaking Information Security risk assessments and audits
- Proven experience in IT risk management, data security, best practice and compliance areas such as PCI DSS, GDPR, ISO27001 and Cyber Essentials
- A fundamental technical understanding and experience of IT systems, solutions, data and systems architecture
- An understanding of common reporting tools
- Proven experience of writing process frameworks, policies and procedures and maintaining the relevancy and accuracy of
- Strong awareness of current technology and the associated threat landscape
- You may hold CISM, CISSP, CISMP, CRISC or other appropriate qualifications
- Proven track record of managing critical outages demonstrating clear incident management skills including prioritisation and communication
- Experience of building relationships at all levels and experience of managing 3rd party relationships
- Strong analytical skills and the ability to draw meaningful conclusions and recommendations around incident management
- Can effectively discuss IT systems in a common language with all levels of colleagues
- Can operate under pressure
- A high level of accuracy, attention to detail and conscientiousness
- Ability to understand how information security fits into a company commercially, balancing best practice with the reality of business processes and procedures
- Ability to train either 1-1, virtually or in a classroom format to varying sizes of audiences