Information Security Manager, ISMS Team
Work from home and regular travel to UK offices will be required
- Maintain and expand ISO 27K across the current and future certifications.
- Internal Audit forms a large part of the role.
- Supporting PCI DSS-related assessments.
What we are looking for:
- Security subject matter experts.
- Has implemented ISO 27k before.
- CISM or other related certifications are essential.
- Governance and Internal Audit.
- New account experience - we want to know what that person does on a new account. Have they been setting things up from green/brownfield, expanding the account, etc.?
Who you'll be working with
You will be joining a security GRC (Governance Risk and Compliance) team that reports directly to the CISO for Cloud Infrastructure Services Northern Europe. The GRC function sits within a wider Cyber Security delivery team consisting of more than 130 cybersecurity professionals that deliver world class security services to a broad range of blue-chip clients.
The focus of your role
You'll be responsible for ensuring GRC requirements are implemented and maintained across our UK/Northern Europe client base, delivering and maintaining an ISO/IEC 27001:2013 certified Information Security Management System (ISMS).
What you'll do
- Deliver a certified ISO/IEC 27001:2013 ISMS that meets contractual obligations and security policies.
- Ensure all aspects of security governance are in place, including formal risk management.
- Provide, when appropriate, high-quality security advice and guidance in a timely manner.
- Build and maintain effective working relationships across service lines (Capgemini, client, 3rd Party and Partner contacts).
What you'll bring
- Proven experience of working with Information Security Management Systems and information security governance.
- A good knowledge of all aspects of Information Assurance and Cybersecurity.
- Experience in implementing/developing security policies and technical documentation.
- Experience in security incident management and investigations.
- Good personnel and physical security skills and experience in security awareness programmes.
- An ability to influence senior management on security best practice.
- An ability to identify and drive security service improvement.
- Good orientation in commercial and organisational business practices and procedures.
- Sound practical working knowledge of ISO/IEC 27001:2013 & ISO/IEC 27002:2013 standards and processes.
- An ability to interpret and apply complex information and be able to explain security requirements to non-specialists.
- Hold or attain professional certification such as CISSP; CISM; CRISC; ISO/IEC 27001:2013 Lead Auditor; Certified Cyber Consultancy experience; CBCI; PCI DSS; Certified Sarbanes Oxley Expert (CSOE); International Association of Privacy Professionals (IAPP) CIPP/E or CIPM or CIPT.
- Existing HMG National Security Vetting or the ability to attain such.