Information Security Manager

Posted: 01/05/24
Recruiter: Page Group
Reference: 2753090808
Type: Permanent
Disciplines: Network Security
Salary: £65,000 - £75,000 Annual
Location: Watford, Hertfordshire
Description:

Lead the strategy and implementation of security measures, ensuring a secure IT environment and compliance with Cyber Essentials+ and ISO 27001. While this role is within the technology function, the ideal candidate should be self-motivated and proactive in enhancing security throughout the organisation, evaluating maturity, setting priorities, and recommending necessary changes.

Client Details

Everything about CSL is designed to keep our customers connected, secure and live. Simplicity, service and reliability have been at the heart of everything we do since CSL was founded in 1996. The sectors we work in and applications we connect are at the highest end of critical communications. Critical connectivity can be complex but we make it easy. Our partnerships with all the major Mobile Network Operators, Monitoring Centres and Installers, allows us to deliver complete end-to-end connectivity solutions. Whether it's 4G, IP, xDSL, or FTTC, we have the knowledge, expertise and ability to deliver the best combination for your connectivity requirements.

Description

Duties & Responsibilities:

This role will encompass a range of responsibilities including but not limited to:

Information Security Policy and Standard definition and rollout to align CSL with relevant industry frameworks and certifications.

Ensure compliance and adherence to the standards leading to successful external audit outcomes whilst driving continuous improvement within the business through internal audit and other collaborative engagement across tech and the business overall.

Champion and drive Information Security Awareness and education company wide.

Ensure the confidentiality, integrity and accessibility of our customer supporting and internal IT infrastructure & systems in line with business requirements and best practice.

Work with IT engineers to ensure operational controls are in place supporting the standards and policies, and with Cyber Security Engineers to ensure that detection and response capability is in place and effective.

Respond rapidly to IT security incidents, managing both our internal response as well as any required external parties including digital forensics and/or regulatory bodies to ensure the investigation, containment, remediation and reporting of security events are handled effectively and appropriately.

Lead and manage IT change projects and initiatives as relevant to Information Security such as penetration testing activity, vulnerability scanning and remediation, identity and access enhancements and other projects to eliminate gaps to the standard, drive improvement or as a consequence of a decision to mitigate risk.

Engage with the technology leadership team to embed secure by design practices into change projects to ensure the outcomes and deliveries of those teams have tackled the relevant security and availability related non-functional requirements.

Ensure systems and data are recoverable in line with business RPO and RTO goals, and work with the leadership team to define them if required.

Establish and manage a Governance, Risk and Compliance framework that ensures that appropriate input is captured, reported upon and followed up on in order to ensure risks are actively managed.

Support CSL new business acquisition / sales through leading with new and existing accounts on information security topics as part of the pre-sales engagements.

Ensure CSL's successful transition from ISO 27001:2013 to ISO 27001:2022 and ongoing maintenance of the certification.

Profile

Key Skills & Qualifications Sought:

ISO 27001 Lead Auditor

CISSP - Certified Information Systems Security Professional

Experience working with public cloud and an understanding of the toolsets they provide for governance and compliance

Hands on experience with SIEM, Cloud Vendor compliance tools, EDR/XDR and other anomaly detection capability.

ITIL v3 Foundation or greater

Cisco Network and Security Products e.g. Firepower, routers, Duo etc.

Encryption fundamentals including HTTPS, SSL, AES-256, PGP

Secure system maintenance including requirements for patching and recoverability

Solid knowledge and experience of information security principles, frameworks and standards such as ISO 27001, NIST, GDPR, Cyber Essentials+ and SOC2

Job Offer

25 days holiday, increasing with service

Annual bonus and salary review

Free on site parking

Recruiting now