| Job Title: | Information Security Manager |
| Contract Type: | Contract |
| Location: | Reading |
| Industry: | |
| Salary: | Negotiable |
| Start Date: | ASAP |
| Duration: | 3-6 Months |
| REF: | SB/CON/ISP_1679654679 |
| Contact Name: | Sneha Betharia |
| Contact Email: | sneha.betharia@projectpeople.com |
| Job Published: | about 2 years ago |
Job Description
Role: Information Security Policy and Standards Manager
Type: 3-6 month contract
Location: Reading/Hybrid - 2 days per week Onsite
We are looking for Information Security Policy and Standards Manager with expert level knowledge in PCI DSS and/or ISO27001, IT Security Risk Management tools to join one of the leading telecom brands.
Job Context
* Creates and maintains Information Security Risk Policy Suite, supporting Control
Standards and the Information Security Framework/Governance Model in line with legal
and regulatory requirements.
* Ensures that the policy and standards are fit for purpose, current and are correctly
implemented.
* Maintain the mapping of all controls from applicable standards and frameworks to
ISO27000.
* Develops appropriate metrics for the timely reporting on the performance of security
policy and standards adherence.
* Provides inputs to the Technology & Operations team's sourcing capabilities to ensure
policies, standards and guidelines are up to dates and relevant for the services being
contracted for.
Responsibilities
* Provide all necessary policy for Information Security, in line with strategic aims
outlined by the Security Director.
* Engage stakeholders at all levels where appropriate to 'lobby' policy change and
improvement.
* Reviewing, digesting and applying knowledge of the working world of Information
Security standards and legislation. Focus on ISO27000, PCI DSS,
TSR and NIST 800 is expected.
* Reporting both up and down the various business departments about any and all policy
violations that pertain to Information Security Technology and the impact of said
violations.
* Operate the reporting of control management and adherence across company regarding the
standards and legislation required of the company and identified by the Security Director.
* Manage the day to day 2nd line challenge of waivers and risk acceptances raised against
the Information Risk Principal Risk policy.
* Make recommendations for challenge or approval in line with operational risk policy up to
and including executive level.
Experience
Experience working in a Senior Position, with expert level knowledge in PCI DSS and/or
ISO27001, IT Security Risk Management tools.
Essential:
One of:
* CISSP
* CISM
* CISA
* Degree in Information Security
Desirable
* ISO27001 LA
- * ISO27001 LI
If this looks interesting, click on APPLY!
Project People is acting as an Employment Business in relation to this vacancy.
