Information Security Manager Core Asset Consulting

Our client, a leading financial services firm based in Newcastle, is looking to recruit an Information Security Manager to join on an initial 3-month fixed term contract.

The successful candidate will lead information security for the firm, ensuring corporate and client data is protected and compliant with legal and internal standards.

Essential Skills/Experience:
Proven track record of implementing information security practices within a large and diverse organisation.
Evidence of competency in the creation and implementation of Information security solutions, procedures and practices.
Solid technical knowledge and experience on security technologies (like Endpoint protection, Mobile Security, Data Protection, Cloud Security, etc.) and on cyber security capabilities (SIEM, SOC, CERT, Vulnerability Management, Threat intelligence etc.)
Strong knowledge of main Information Security standards and framework (ISO27001, ISO22301, ISF, NIST, COBIT.)
Good background in information management, with clear understanding of the challenges of Information and IT security.
A good understanding and experience of implementing information security within cloud-based environments.
Experience and skills in the project management of corporate Information security projects.
Excellent oral and written communications skills, as well as ability to present and explain information security in a way that establishes rapport, persuades others, and gains understanding across the organisation.
Certifications on Information Security (e.g. CISSP, CISM, ISO27001, ISO22301 etc.) beneficial.
Core Responsibilities:
Provide consultancy across the business (UK & Internationally as required) to ensure relevant and appropriate information security controls are applied to ensure both the departmental and business objectives are met.
Liaise with management and business users, to understand business goals, priorities, and information needs, and to recommend information security practices and solutions in line with business requirements.
Manage security assessments, based on leading information security standard ISO 27001:2022. This includes oversight on physical & corporate security, in alignment with the local facility teams.
Ensure alignment of solutions to the corporate and divisional strategies by balancing the business requirements with the security constraints and risks.
Liaise with the various business units across the firm to ensure our business processes are conducted in a safe and secure manner and meet our business requirements.
Keep abreast of the current security threat landscape and provide relevant and up to date guidance on proposed information security risks to the business.
Keep abreast of developments in IT and Information security and offer guidance and consultancy to ensure both suitability and sustainability of IT and Information security strategies.
Understand and ensure compliance to relevant legislation and corporate policies in relation to information security (e.g. GDPR, OFGEM requirements).
Provide a Risk Management approach to ensure Information security solutions and controls are commensurate to the business risks and risk appetite.
Develop and maintain an information security strategy in alignment with the firm’s strategy.
Ensure the relevant policies, plans and procedures, in relation to business continuity and crisis management, based on firm requirements, are developed and applied to minimise disruption to the business in the event of an incident occurring.
Liaise with internal staff and external companies to ensure optimum solutions are chosen.
Ensure compliance & adoption of corporate and local policies and security standards.
Escalate risks and issues to the appropriate levels and ensure a timely resolution to actions raised.