DATE ADDED: Tue 15/10/2019

Information Security GRC Manager

New Town Row, UK


JOB TYPE: Permanent, FullTime

**Information Security GRC Manager £550600pd Birmingham**

The Information Security Governance, Risk and Compliance (IS GRC) Manager will be responsible for managing an ISO27001-compliant Information Security Management System (ISMS) and for business alignment with NIST and NIS(D). The ISMS caters for multiple complex IT environments and business processes.

Working closely with the Chief Information Security Officer (CISO), the IS GRC Manager will collaborate with key stakeholders across the business, suppliers and the information security team to protect the Confidentiality, Integrity and Availability of important information assets; maintain certifications and compliance; and achieve alignment with industry standards and best practice.

Role Accountabilities

* Maintain all elements of the ISMS documentation, including Policies, Standards, Controls, associated registers, compliance testing and the SharePoint repository;
* Embed and improve the ISMS controls across the 1st line of defence operation and roadmap;
* Conduct controls effectiveness assurance reviews against selected areas, risk assessing and prioritising the output with business owners and the Information Security Board;
* Provide advice, guidance and audit support to control owners;
* Recertification to ISO27001, by maintaining the ISMS and the requisite ongoing improvements, to ensure the client maintains its certification;
* Work with both internal and external auditors;
* Continual maturity improvement of the security culture, via the delivery of a security training and awareness programme and associated activities, both general and specific;
* Ensure that key 3rd party suppliers are measured against the ISO27001 control framework and that any identified risks are managed within the risk appetite;
* Day-to-day SME advice and guidance for change activity relating to implementation against group policy, standards and controls;
* Risk Management: identify, assess and manage information security risks across the organisation;
  * Develop the Information Security Risk Management framework;
  * Ensure that it aligns with and feeds into the organisation's broader corporate risk;
  * Perform risk analysis;
  * Track and manage risks identified from various sources (e.g. Information Security Risk Assessment, Audit, Security Tests, etc.);
  * Disseminate appropriate risk information to various levels within the organisation, as needed;
* Monitor the evolving threat landscape and be intelligence led, factoring it into risk assessments;
* Information Security GRC reporting for the Information Security Steering Committee and the Information Security Board;
* Prepare and run the ISMS Working Group in line with established terms of reference;
* Provide Information Security updates as appropriate to the Risk and Audit Committee;
