
Information Security Manager

Job Title: Information Security Manager
Contract Type: Contract
Location: Reading
Industry:
Salary: Negotiable
Start Date: ASAP
Duration: 3-6 Months
REF: SB/CON/ISP_1679654679
Contact Name: Sneha Betharia
Contact Email: sneha.betharia@projectpeople.com
Job Published: about 1 year ago

Job Description

Role: Information Security Policy and Standards Manager

Type: 3-6 month contract

Location: Reading/Hybrid - 2 days per week Onsite

We are looking for an Information Security Policy and Standards Manager with expert-level knowledge of PCI DSS and/or ISO27001 and IT Security Risk Management tools to join one of the leading telecom brands.

Job Context

* Creates and maintains Information Security Risk Policy Suite, supporting Control Standards and the Information Security Framework/Governance Model in line with legal and regulatory requirements.

* Ensures that the policy and standards are fit for purpose, current and are correctly implemented.

* Maintain the mapping of all controls from applicable standards and frameworks to ISO27000.

* Develops appropriate metrics for the timely reporting on the performance of security policy and standards adherence.

* Provides inputs to the Technology & Operations team's sourcing capabilities to ensure policies, standards and guidelines are up to date and relevant for the services being contracted for.

Responsibilities

* Provide all necessary policy for Information Security, in line with strategic aims outlined by the Security Director.

* Engage stakeholders at all levels where appropriate to 'lobby' policy change and improvement.

* Reviewing, digesting and applying knowledge of the working world of Information Security standards and legislation. Focus on ISO27000, PCI DSS, TSR and NIST 800 is expected.

* Reporting both up and down the various business departments about any and all policy violations that pertain to Information Security Technology and the impact of said violations.

* Operate the reporting of control management and adherence across the company regarding the standards and legislation required of the company and identified by the Security Director.

* Manage the day-to-day 2nd line challenge of waivers and risk acceptances raised against the Information Risk Principal Risk policy.

* Make recommendations for challenge or approval in line with operational risk policy up to and including executive level.

Experience

Experience working in a Senior Position, with expert level knowledge in PCI DSS and/or ISO27001, IT Security Risk Management tools.

Essential:

One of:

* CISSP

* CISM

* CISA

* Degree in Information Security

Desirable:

* ISO27001 LA

* ISO27001 LI

If this looks interesting, click on APPLY!

Project People is acting as an Employment Business in relation to this vacancy.