Information Security Manager-MyTechnology

Home Based, West Midlands, GB

Information Security Manager
Remote – with travel to our Warrington Office
Full time, Permanent
Salary - £50,000 - £60,000 per annum dependent on experience plus company car

 

Here at Serco, we are looking for an Information Security Manager who will take operational ownership and accountability of all information security management processes for one or more contracts. You will manage and audit contracts to ISO27001 certification/alignment and ensure that the contracts are compliant with data protection legislation through close interaction with contract Data Protection Champions (DPCs) and senior management.

 

As part of this you’ll be required to take operational ownership of all information security management processes across multiple sites, including:

 

  • Information security risk management.  
  • Information security incident management.  
  • Information security assurance activities.  
  • Establishment and management of an Information Security Management Forum. 
  • Support the role of DPC for GDPR/DPA 2018 compliance.  
  • Support projects and design activities, including:
      - security factors such as HMG policy and good practice,
      - assurance requirements,
      - technical requirements,
      - recommendations of security technologies and controls,
      - physical security requirements,
      - personnel and / or procedural requirements,
      - review of new technologies and data protection compliance requirements.

 

  • Adopt a proactive approach to security management and security assurance coordination, ensuring smooth running of scheduled activities (pen-tests, security documentation review) and gaining the trust of key stakeholders (including customer representatives and accreditors).  

 

  • Engage with external audit and assurance providers, including IT Security Health Check suppliers, scoping test plans and helping stakeholders interpret test results, as well as supporting implementation of any remedial actions, where required.  

 

  • Implement the Business Unit Information Security Policy and related processes and procedures in line with ISO27001 and Government policies. Undertake gap analyses against formal security frameworks (particularly ISO27001), reporting on areas of deficiency and producing remedial action plans (where appropriate).  

 

  • Manage incident response and conduct investigations to understand the source of security breaches, assess and contain damage and devise measures to protect against future breaches.  

 

What you’ll need to do the role:

  • ISO27001 Lead Implementer and Lead Auditor. 
  • Data Protection Compliance knowledge and privacy certifications. 
  • Risk management knowledge.
  • Works collaboratively …