Information Security Policy and Standards Manager

Job Title: Information Security Policy and Standards Manager
Contract Type: Contract
Location: Berkshire
Salary: Negotiable
Duration: 3-6 Months
REF: RC/C/Infosecpolicy_1679584280
Contact Name: Rohit Chavda
Contact Email:
Job Published: 9 months ago

Job Description

A little about what you can expect to be doing and the work you will be involved with.

  • Creating and maintaining Information Security Risk Policy Suite S
  • Supporting Control Standards and the Information Security Framework/Governance Model in line with legal and regulatory requirements.
  • Ensuring that the policy and standards are fit for purpose, are current and correctly implemented.
  • Maintaining the mapping of all controls from applicable standards and frameworks to ISO27000.
  • Developing the metrics for the timely reporting on the performance of security policy and standards adherence.
  • Providing inputs to the Technology & Operations team's sourcing capabilities to ensure policies, standards and guidelines are up to date and relevant for the services being contracted for.

An overview of your day to day responsibilities and what you can expect to be doing

  • Provide all necessary policy for Information Security, in line with strategic aims outlined by the Security Director.
  • Engage stakeholders at all levels where appropriate to 'lobby' policy change and improvement.
  • Reviewing, digesting and applying knowledge of the working world of Information Security standards and legislation.
  • Reporting both up and down the various business departments about any and all policy violations that pertain to Information Security Technology and the impact of said violations.
  • Operate the reporting of control management and adherence to the standards and legislation required of the company and identified by the Security Director.
  • Manage the day to day 2nd line challenge of waivers and risk acceptances raised against the Information Risk Principal Risk policy.
  • Make recommendations for challenge or approval in line with operational risk policy up to and including executive level.

To be successful in this role:

You will need to demonstrate strong stakeholder management skills.

You may have experience working in a Senior Position, but you will most certainly have an expert level knowledge in PCI DSS and/or ISO27001, IT Security Risk Management tools and will be qualified or suitably accredited.

Essential one of: CISSP, CISM, CISA and Degree in Information Security

We look forward to getting to know you and you can expect us to question and learn more about your experience with a focus on ISO27000, PCI DSS, TSR and NIST 800.

Project People is acting as an Employment Business in relation to this vacancy.