Information Security Manager

SENIOR INFORMATION SECURITY MANAGER:

S-RM TECHNOLOGY TEAM

WHO WE ARE

S-RM is a global intelligence and cyber security consultancy. Since 2005, we've helped some of the most sophisticated clients in the world solve some of their toughest strategic challenges.

We've been able to do this because of our outstanding people. We're committed to developing bright, curious, driven individuals who want to think critically, solve complex problems, and achieve success.

But we also know that work isn't everything. It's about the lives and careers it helps us build. We're immensely proud of this culture and we invest in our people's wellbeing, learning, and ideas every day.

We're excited you're thinking about joining us.

THE ROLE

As the Information Security Manager, you'll play a vital role in the ongoing improvement of S-RM's security posture. This role will be a joining the broader technology function in supporting S-RM through all nine offices and all functions. This role will provide the opportunity for candidates wanting to get exposure to the full breadth of information security including the GRC and technical aspects.

The successful candidate will report to our Head of IT Service & Operations and work across the full spectrum of information security at S-RM. Their skills should include but not be limited to:

• Building and delivering KPIs presentations to senior leadership and heads of departments.
• Working with Technology Operations to deploy companywide phishing tests, track and report on the results.
• Deploy company-wide security awareness training using company approved training platform and contribute to the evaluation of effectiveness of the selected training platform.
• Coordinate team effort in the investigation and containment activities in the internal incident response team.
• Maintaining and monitoring SOPs.
• Manage exceptions to organisation-wide security policies.
• Lead and complete assurance on technical security controls and technical design on both new and existing solutions in the application portfolio. Subsequently work with the business to close out identified gaps identified as part of the assurance process.
• Consult the rest of the business and represent Information Security in key forums, e.g. Project teams, Executive Committee, DevOps, IT Operations, Risk and Compliance and Legal to ensure that security standards are met and adhered to.
• Manage the supplier evaluation process and action findings identified from the process for RFP/RFIs requested from the business and internal supplier evaluation requirements.
• Coordinate the delivery of companies Incident Response and Disaster Recovery tabletop exercises and planned failover tests.
• Provide input to organisational risk registers, based on knowledge of current and emerging information security risk and known vulnerabilities within existing controls.
• Build and maintain positive stakeholder relationships at all levels of the organisation as well as with key external stakeholders (including clients, certification bodies and external consultants).
• Develop the roadmap of InfoSec projects, drive the delivery of the roadmap and track completion progress.
• Provide input in InfoSec budget planning, covering investment in BAU as well as InfoSec project work
• Compliance
• Develop and implement and support in the maintenance of organisation-wide security policies and processes that are aligned with ISO27001:2022, CIS and NIST frameworks.
• Managing internal and external audit programmes and maintenance of established frameworks such as ISO27001 and Cyber Essentials and other frameworks where required.
• Manage remediation process following external audits and internal security assessments. Includes coordination of pentest findings, vuln scan findings and CIS benchmark reviews but does not involve implementation of the fixes.
• The role will be based in our London office; however we have flexible working arrangements available.

The role will be based in our London offices, however we have flexible working arrangements available.

WHAT WE'RE LOOKING FOR

We think candidates with the following attributes and qualifications are likely to succeed as a Corporate Intelligence senior analyst. That said, if you don't think you meet all of the criteria below but still are interested in the job, please apply. Nobody checks every box-we're looking for candidates that are particularly strong in a few areas, and have some interest and capabilities in others.

The ideal candidates will possess:

• Extensive experience in Information Security leadership roles;
• Experience interacting with a varied level of internal stakeholders
  • This would include our entry llevel staff to board/exec level
  • The ideal candidate will have the ability to clearly translate technical language for the business
• Experience with Governance frameworks
  • ISO 270001 is a minimum requirement for this position
  • SOC2 exposure would be beneficial
• CISSP or similar security qualification will be a requirement for this position

S-RM is still growing and developing and any candidates with experience maturing information security departments/teams will be beneficial.

Candidates must have permission to work in the UK by the start of their employment.

OUR BENEFITS

We offer thoughtful, balanced rewards and support to help our people do their best work and live their lives outside it, this includes but is not exhaustive of:

• 25 days holiday per year in addition to bank holidays (+1 day for every year of service up to a maximum of 30 days in total);
• Hybrid working and flexible working hours;
• Matching pension contribution up to 7% (up to a maximum of 14% combined), and financial education;
• Life Insurance 4X annual salary.

Parental Support:

• Fertility treatment leave - 5 days of leave per cycle of treatment per year;
• Maternity leave - 26 weeks of full pay followed by 13 weeks of half pay;
• Paternity leave - 6 weeks of full pay.

Various Health and Medical Benefits including:

• Private dental and medical insurance (taxable benefit) for you and your family;
• Virtual GP for you and your family members that live in the same household;
• Various gym discounts for you and your partner;
• EAP programme for you and your immediate family;
• Free access to the world-famous mindfulness app Headspace.

THE APPLICATION PROCESS

To apply for this role, please submit your CV directly to this LinkedIn ad.

The application process will include:

1. An interview with the technical team
2. A second interview with the broader information technology team
3. A final interview with Senior management at S-RM