Manager, Information Security Governance

Reference: 011120182
Type: Permanent
Salary: £0 - £0
Salary Frequency: Annum

The Manager of Information Security Governance is a key role in the Information Security team responsible for implementing and maintaining an enterprise-wide strategy to secure DTI\Epiq’s information assets and the services and products that depend on them, protect the privacy of the company’s clients and employees, and successfully adhere to identified compliance requirements. This role is strategic in nature and will focus on ensuring adherence to and continuous improvement of the overall security program.

ESSENTIAL DUTIES AND RESPONSIBILITIES:

§ Support achievement of Information Security’s strategic objectives by ensuring established standards, processes and policies are adopted and applied consistently across all locations.
§ Recommend and facilitate improvements to processes by utilizing industry best practices and ISO27001.
§ Provide input into the development of security policies, standards, procedures and guidelines for securing corporate systems and information in adherence with all applicable policies and regulations.
§ Participate in or, as needed, lead special projects related to information security, especially in the areas of risk assessment, technical and process control design, and application of security standards. Interact with internal and external technical staff, consult with project teams at various stages of project cycles, and communicate status of projects to management and stakeholders on a regular basis.
§ Conduct complex security architecture analysis of networks, systems, applications, and technology initiatives to identify risk and provide expert advice on strategies for mitigating those risks.
§ Advise senior department management by identifying solutions for critical security issues and opportunities for security program improvement.
§ Investigate, recommend and oversee implementation of new security products and services.
§ Oversee the ISMS as required to meet and maintain ISO27001:2013 standards.
§ Coordinate security assessments with internal audit, certifying bodies, and external vendors. Assess audit results and work with multiple resolver groups to ensure timely remediation of identified issues.
§ Assist in developing and implementing security awareness and training efforts.
§ Continually stay informed on security and technology issues that could impact the business and communicate these issues within the security team and other appropriate audiences.
§ Other miscellaneous duties as assigned.

INFORMATION SECURITY RESPONSIBILITIES:

This position shares in responsibility for information security by following all applicable security policies and procedures. This position is authorized to use elevated privilege accounts in the performance of job duties. This position is authorized to handle sensitive or confidential data in accordance with established procedures in the performance of job duties. This position has access to systems providing account and access provisioning. This position is authorized to issue password resets in accordance with established procedures in the performance of job duties. This position is authorized to manage, provision, and deprovision IT assets in accordance with established procedures in the performance of job duties.

QUALIFICATIONS:

§ Bachelor’s degree, preferably in information security, computer science or other related field (work experience may be substituted for the required education on a year for year basis).
§ Minimum of 5 years of combined security and/or IT work experience with at least 3 years in a position focused primarily on information security.
§ One or more professional security certifications (CISSP, CISM, CISA, or relevant SANS certification). ISO Lead Implementer/Auditor is a plus.
§ In-depth knowledge of information security standards, best practices, and common data confidentiality regulations (e.g., ISO27001/2, NIST, EU Privacy, PCI, HIPAA, etc.). Experience maintaining an ISMS within an ISO27001/2-compliance environment is a plus.
§ Demonstrated ability to translate business requirements into appropriate controls in a client-focused environment.
§ Experience with conducting detailed network, operating system, database and/or vulnerability assessments and security configuration audits is preferred.

ADDITIONAL REQUIREMENTS:

• High level of integrity and judgement concerning privacy and confidentiality issues.
• Excellent written and verbal communication skills with the ability to effectively communicate complex concepts, policies, and procedures to individuals with a varying range of expertise, interests and backgrounds.
• High degree of collaboration and team-orientation. Consultative/client focus.
• Self-starter with demonstrated ability to manage multiple projects in a busy, fast-paced environment.
• Ability to drive tasks to completion, including working in collaboration with cross-functional teams.
• This role may require international travel.