TITLE: IT Security/Information Risk Manager
LOCATION: London, UK
RELOCATION/VISA: Need to have a relevant visa
SALARY: £50-55K+ Package + Bonus
COMPANY: On request
KEY REQUIREMENTS:
The candidate should have experience of data protection, security, risk and compliance related matters, preferably gained within a regulated and/or marketing services environment.
She/He should be able to demonstrate experience of:
- Building and deploying effective data protection, data security and Information Security Management processes from a starting point, as well as their ongoing management, review, audit and enforcement
- Compliance in organisations that rely on a partially outsourced model
As well as:
- Proactive and hands on approach
- A thorough knowledge of the practical application of Data Protection and Privacy and Electronic Communication laws
- Being conversant with security best practice including BS27001/ISO27001 – ideally have authored corporate security policies as well as specific technology security policies
- Ability to balance risk analysis with marketing opportunities and make sound recommendations
- Excellent communication, negotiation and presentation skills
DESIRABLE BUT NOT ESSENTIAL:
- Principles of good network design
- CISM/CISSP qualified
- BS27001/ISO27001 conversant
- Familiar with generic IT audit practices/methodologies
- Experience in dealing with outsourced hosting and development partners
- Experience in security/fraud investigations
- Audit and compliance activity in a regulated industry (e.g. FSA)
- Leadership/management experience.
JOB DESCRIPTION:
Responsibilities of IT Security/Information Risk Manager:
- Promote and ensure compliance with all data protection and security requirements, legal and self-regulatory requirements, industry standards and best practice methodologies
- Ownership for all issues concerning data throughout the Group (including policies and procedures, data security, data protection compliance and training).
- Overseeing the implementation of technologies and procedures to detect occurrences of misuse, and providing support to investigations where misuse has been detected.
Specific responsibilities will include:
- Review of all data flows in and out of all Group businesses to ensure that appropriate technical and organisational measures are in place to properly secure all data.
- Ownership, management, audit and enforcement of all data management and security policies and procedures
- Managing the Group’s response to prospective sponsors’/clients’ due diligence on data security
- Managing and coordinating DPA reviews, assessing outcomes and approving data access.
- Managing fraud and incident investigations, liaising with all appropriate internal and external parties.
- Performing data risk reviews as part of acquisition due diligence
- Creation or approval of all aspects of technical designs from a security perspective (including networks, servers, OS, databases, middleware and code)
- Leading periodic audits of IT Services (including penetration tests) and preparing for external audits.
- Reviewing and providing sign off for project releases to ensure compliance to security design requirements and test criteria, including participation in architectural and design reviews.
- Reviewing project and change pipelines for changes/initiatives with security implications
- Maintaining and managing Risk Register of key vulnerabilities and mitigations according to impact, probability and proximity.
- Regularly reviewing security inputs (such as hosting reports, starters and leavers reports, etc.) to determine mitigation efficiency.
FURTHER INFORMATION:
Start date: ASAP
Duration: Permanent