Information & Cyber Security Manager - Edinburgh
Salary up to £70k DOE (Partial or Fully Remote working available).
A key strength will be the ability to review the current status of delivery, identify and deliver service improvements, and articulate business benefits, as well as working with key stakeholders at senior management level.
Responsible for ensuring that all account contractual security requirements are delivered, managing relationships with customers and suppliers at senior management levels.
The role will require managing security activities such as risk, security incidents, changes, policies and the implementation of ISO 27001 and Cyber Essentials Plus, as well as any external audit requirements. Proactively promote security services and drive revenue opportunities.
Working closely with IT and the wider business to develop and improve the current security strategies and processes.
Review and lead on the management of Cyber Security, covering people, physical, process and all technology aspects.
- Strong managerial experience in Information and Cyber Security
- Driving innovation & continuous improvement.
- Versatility; proven ability to adapt and learn in an innovative environment
- Excellent communication and interpersonal skills
- Experience delivering ISO27001, PCI-DSS, Cyber Essentials.
- Hands-on experience securing Azure, O365 or AWS implementations.
- A broad technical knowledge of infrastructure and networks.
- A thorough understanding and an ability to engage all areas of IT.
- An ability to translate complex ideas to non-technical stakeholders.
- Evidence of leading security investigations, including responding to incidents involving malware, data loss, or network intrusion
- Security related qualifications such as CISSP, CISM, ISO27001 lead implementer or auditor, or equivalent experience.
- A solid understanding of GDPR and data protection and information governance
- Ensure that all information security policies and standards are aligned to the company's vision and values, that all staff are informed about how to use them, and that staff are notified about subsequent changes.
- Implementation, maintenance and management of security procedures, information security requirements, anti-fraud, incident management procedures, Business Continuity and Disaster Recovery.
- Ensure the delivery of ISO27001 commitment.
- Develop and deliver a sustainable and targeted information security awareness and training programme, relevant to the diverse nature of end users, to improve information security awareness amongst all employees, clients and partners.
- Delivery of a SOC in line with DevOps projects and business growth.
- Create a security-by-design culture across DevOps & Data teams.
- Ensure we have a defence-in-depth strategy across our networks.
- Identify Security and Data Protection related risks and provide proportionate mitigation options and advice to business risk owners for decision making.
- Conduct security assurance and compliance audits.