Information Security Manager

The role will work collaboratively with 1st Line cyber team to ensure business assurance plans are shared and the requirements of 2nd Line are understood.

This role sits within the 2nd Line of defence, where you will lead and support the business, managing cyber risk and information protection positions effectively. Protecting the business from security threats, by identifying risks and developing appropriate risk migration plans. Providing senior leadership with independent assurance of their cyber risk and information protection posture.

You will also take the lead in delivering a defined list of cyber assurance reviews, projects, and initiatives as well as achieving the cyber assurance and compliance related objectives. You will also help shape the City cyber security strategy for data security, monitoring and reporting, risk and threat assessment, incident response, business continuity and disaster recovery.

• Input to and fulfil the development hiring plan for the team, including sourcing, screening, and interviewing
• Managing 3rd parties
• Set personal goals for each team member as well as direction while ensuring they are aligned with team goals
• Contribute and maintain the current information security risk management framework, articulate risk in business terms, identify appropriate mitigation measures and drive their delivery to ensure the security of our information and services
• Responding to information security incidents in line with the appropriate standards and processes, meeting or exceeding agreed KPIs.
• Contribute to the annual information security business plan including audits, tests, risk assessment activities and additions to the information security delivery framework, e.g. policy updates.
• to advise on, and to maintain data protection impact assessments
• Identify relevant information security activities in response to changes in standards and regulations.
• Liaise with key stakeholders to prioritise information security and compliance initiatives.
• Liaise with internal departments and external suppliers to identify and address Information Security related risks.
• to be the first point of contact for supervisory authorities and for individuals whose data is processed (colleagues, customers etc).
• Perform security risk assessments and adversarial testing to establish proportionate risk advising of any relevant enhancements to the information security delivery framework.
• to perform any activities relating to information security and compliance such as awareness-raising, training needs analysis, data migrations, security hardening, breach management and data protection based RFI.
• Liaise with key stakeholders to prioritise technology, process and people-based security initiatives to mitigate risks identified and use continuous improvement principles to ensure the evolution of our information security delivery framework.
• Set team goals and technical direction while ensuring that they align with the goals of the Technology and Information Security roadmaps
• Conducting audits, developing controls & risk assessments
• Assist with the development of City’s disaster recovery and business continuity plan.
• Accountable for data security measures being in place to meet our policies. This includes accountability for City’s data governance platform Microsoft Purview
• Following a regular timetable of security and data protection compliance audits and tests, taking appropriate steps to mitigate any risks discovered.
• Implement effective engineering processes and policies that emphasize quality and forward progress
• Initiate, facilitate and promote activities to foster information security and data protection awareness throughout City and its suppliers.
• Provide assistance in business development bids, PQQs and ITT responses.

• NIST CSF
• CISSP, CRISC or CISM certified
• Cyber security essentials
• ISO 27001
• Strong Technical Background in Data Classification and Data Loss Prevention
• Hold regular 1-1s with all direct reports
• Degree level qualification or equivalent experience in Cyber risk management and information protection
• Experience of implementing and operating Microsoft’s unified data governance platform Purview
• Strong risk-based analysis and decision making skills
• Experience in information security governance, policy and procedure definition

Salary: £70,000