Head of Information Security - 80-100k - Manchester
The role of the Head of Information Security is to own, implement and drive all elements of security policies, tools, technologies and standards for the organisation.
You will be responsible for ensuring all security policies and standards are deployed and policy management platforms are in place to ensure employee engagement and attestation through the business for a full certification of ISO 27001 and SOC Compliance.
You will be responsible for determining the Cybersecurity framework to ensure our technical position is secure. This involves planning and presenting to the board for a full Cyber programme considering tactical and strategic remediation, as well as long-term product development opportunities. You will develop and manage a governance structure that involves monthly meetings with key stakeholders to ensure progress on a risk register, and you will liaise with risk owners to provide assistance with policy, process or technical control implementation.
Develop, own and further define IT security strategies, frameworks and policies.
Identify IT Security gaps and weaknesses and develop strategies to close them.
Configure, implement, monitor, and support security software/systems that will help ensure compliance with regulatory, industry, and corporate policies and standards such as: SIEM, IDS/IPS, HIDS, malware analysis, logical access controls, identity and access management, data loss prevention, vulnerability scanning, forensics software etc.
Implement a threat and vulnerability management program to include ongoing penetration testing, vulnerability scanning, data loss prevention, and threat assessments for products and services.
Implement modern, effective, pragmatic controls and solutions conducive to a modern software company.
Recommend and enforce minimum security baselines for IT platforms and technologies groupwide.
Implement proactive change to comply with standards such as SOC2 and ISO27001/2.
Create and maintain data security documentation, policies, standards, and procedures.
Research and maintain a deep knowledge and awareness of information security trends, alerts, laws and regulations.
Drive progressive IT Security change and maturity improvement into our culture.
Promote the need for continuous security improvement across the group in line with the established ISMS and IT Architecture principles.
Provide advice and consultancy in relation to infrastructure and application development, Cloud architecture and Azure Cloud from the IT Security standpoint.