What are the responsibilities and job description for the Information Security Manager position at Ergomed?
Company Description
Ergomed Plc is a public company on the London Stock Exchange with its HQ in Guildford, UK. The company boasted 40% growth in its revenues in its last report. This success is due to the hard work of our highly skilled employees and our subsequent reputation for excellence with our clients.
Job Description
POSITION SUMMARY
The Information Security Manager (ISM) is responsible for establishing and maintaining a corporate-wide information security management program to ensure that the business's information assets are adequately protected. The position is responsible for identifying, evaluating, and reporting on information security risks in a manner that meets applicable compliance and regulatory requirements, and aligns with and supports the defined posture for the business.
The ISM will be a skilled subject matter expert with a sound knowledge of business management and a working knowledge of information security technologies. The ISM will proactively work with the IT Management Team and other business stakeholders to ensure that information security strategy and capability is aligned to the immediate and long-term requirements of the business.
The ISM role also serves as a process owner and is responsible for all audit and assurance activities related to the availability, integrity, confidentiality and governance of all information assets within the business. A key role of the ISM is working with the CIO and other Executives to determine acceptable levels of risk for the organization and then managing the implementation of appropriate strategies and technologies to manage the agreed risk levels.
Key Responsibilities:
· Develop, implement, and monitor a comprehensive enterprise-wide security and information technology risk management program to ensure that integrity, confidentiality, and availability of information is maintained.
· Manage the organization's information security capabilities and subject matter experts through both direct and indirect supervision in liaison with the IT Management Team
· Facilitate information security governance through the implementation of appropriate process and governance including the formation of an information security governance forum
· Work closely with the business Data Privacy lead and establish appropriate security policies and practices to ensure that our legal, regulatory and compliance obligations can be met
· Develop, publish, and maintain up-to-date information security policies, standards and guidelines and oversee the approval, training and dissemination of security policies and practices
· Create, communicate, and implement a risk-based process for vendor risk management, including the assessment of and treatment for risks that may result from partners, consultants, contractors, or other service providers
· In collaboration with IT Management, establish and oversee the deployment of IT ecosystems and architectural policies, processes and guidelines for the infrastructure and systems deployed to the business.
· Develop and manage the information security budget as a component of the annual IT budget
· Work directly with the IT Management Team and other business stakeholders to develop risk awareness programs to establish and embed a security and data integrity aware culture
· Provide regular reporting on the status of information security risks to senior business stakeholders and the executive team
· Coordinate information security risk reduction programs in collaboration with the IT Management and business Quality Teams to reduce risk and audit findings
· Provide security risk guidance to IT projects including the recommendation of technology, tooling, process and practice to ensure compliance with corporate posture.
· Manage security incidents and events and protect the corporate information assets, intellectual property and company reputation.
· Develop and oversee effective disaster recovery policies and standards to align to the enterprise business continuity and IT service continuity plans.
· Organize and manage annual security testing and tabletop scenario testing to ensure the robustness of the enterprise plans and processes.
· Ensure that audit trails, systems logs and other monitoring data sources are reviewed regularly to ensure compliance with company policies
· Manage a knowledge base comprising a technical reference library, security advisories and alerts, information security trends and practices, laws, and regulations.
· Manage outsourced vendors that provide security functions for compliance to contracted obligations and service levels.
· Manage, in collaboration with the IT Management Team, the day-to-day activities of threat and vulnerability management, risk tolerances and recommended treatment plans, and communicate information about risks.
Qualifications
Education:
· Bachelor’s degree in Information Systems Management, or related field (or equivalent combination of education, training and experience) in Information Security Management.
Experience:
· Demonstrated experience as an Information Security Manager.
· Experience as an IT Security Analyst in design and/or deployment and/or support roles.
· Strong analytical, problem-solving and critical thinking skills.
· Ability to effectively facilitate and bring together medium/large sized cross-functional teams with different viewpoints during brainstorming discussions.
· Requirements Elicitation, Analysis, and Documentation.
· Ability to balance multiple tasks/priorities, consistently meeting deadlines.
· Ability to effectively prioritize and execute tasks in a high-pressure environment is crucial.
· Experience in the Life Science industry a plus.
Special Skills:
· Working knowledge of mid/large IT organizations' processes.
· Knowledge of software development methodologies like SCRUM, Agile, and Waterfall.
· Understanding of ITIL and SAFe frameworks.
· Excellent communication skills, both verbal and written.
PC Skills:
· Proficient in Microsoft Suites and Office 365.
· Proficient at using diagram software Visio/Draw.io/Gliffy.
· Proficient using Project tracking software (JIRA, Fresh Service, ServiceNow).
Additional Information
We offer:
- Full-time position
- Competitive salary and benefits