Job description

IT Security Manager

Role Purpose

Manage the security team focused on security operations and assurance activities.

Lead, support, coach and mentor direct reports ensuring individuals are motivated, empowered and engaged.

Provide Subject Matter Expertise and assurance oversight to ensure that our systems are protected from unauthorised or malicious modification.

Provide technical, assurance and operational expertise for information, cyber and data security across the IT team and wider business.

Work with a high level of autonomy. Collaborate with colleagues, stakeholders and 3rd party partners to achieve business goals.

Demonstrate a desire and ability to build on existing experience and knowledge and broaden this as required.

Key Responsibilities:

• Management of the security team in an operational or governance capacity and end-to-end delivery of security practices and processes
• Line management of the security team and collaboration with the people manager community
• SME, advice, oversight and governance of security policies, processes, procedures and standards
• Contribute to the delivery of the security roadmap and a continuous improvement model for security
• Data Security Guardians provided with support, guidance and training to undertake their roles effectively
• Ensure Information Security controls are operating effectively
• Ensure where gaps are identified, that these have remediation plans agreed and delivered
• Monthly and quarterly reporting into various forums including senior stakeholder forums
• Ensure annual Security Awareness tests are completed and provide visibility / status updates for these
• Ensure effective Information Security Awareness campaigns are defined and delivered throughout the year
• Help embed security best practices throughout the business and early in projects
• Be an SME for PCI DSS and contribute to and ensure compliance governance to security standards
• Actively share learnings and regular take opportunities to improve systems and processes
• Provide regular team updates to peers, wider technology team and stakeholders
• Contribute to business and technology audits
• Engagement with 3rd party partners as a SME and to ensure due diligence process adherence

Key Competencies:

• CISSP Certified
• Proven experience of Information and Cyber security
• Proven experience of risk and control management
• Proven experience of standards including ISO27001, PCI, GDPR/DPA & NIST
• Communication of complex ideas clearly in a non-technical way
• Strong stakeholder and 3rd party management experience
• Strong communication and collaboration
• Confident at working with people at all levels
• People and team management experience
• CISM Certified
• Project management experience