This vacancy is now closed

Information Security Manager - Glasgow

£negotiable - Technology & Data
Ref: 4436 Date Posted: Monday 29 Apr 2019

Information Security Manager required for the Information Security team of this global services firm on a six-month contract.

The Information Security Function aims to maintain appropriate safeguards to protect the confidentiality, integrity and availability of the firm and its clients' information assets in electronic and physical formats.

Reporting to the ‘Head of’, you will have accountability for managing, monitoring and reporting on the operational status of the Firm's Information Security Management System (ISMS) and ensuring client contractual requirements are observed in relation to the technical security controls operated by the firm. You will also ensure that all processes and procedures required to manage and operate the risk-based Information Security Management System (ISMS) are undertaken, reports produced, records maintained, and any exceptions escalated to management.

Your responsibilities will include:

  • Manage the practices and processes of the ISMS in line with ISO27001:2013 requirements, ensuring that they are continuously performed, effective and efficient.
  • Conduct risk assessments and manage the Information Security Risk Management processes and remediation activities.
  • Provide weekly and monthly performance and risk reports showing the effectiveness of the ISMS and how it supports the Firm's Cyber Security resiliency programme.
  • Work with the Head of Information security to maintain the security documents (policies, standards and base guidelines).
  • Be the focal point of all enquiries from the firm to assess compliance with information security aspects of client terms, ensuring responses are provided in a thorough and timely manner.
  • Manage the internal audit and penetration testing programme, reporting the current status of the programme and any remediation actions.
  • Manage and assess the effectiveness of the ISO27002:2013 security control framework on a regular basis.
  • Participate in the Cyber Incident Response Team to provide assistance to the IT Major Incident Manager in conveying the impact of a cyber security event to internal stakeholders.
  • Collaborate with internal stakeholders (Risk & Compliance and Data Governance Functions) as necessary to report, manage and respond to data breach incidents.
  • Collaborate with other internal service providers of security controls to ensure that requirements are understood and issues escalated as necessary.
  • Act as a subject matter expert for information security topics within the business, providing appropriate advice and guidance as necessary.
  • Raise the profile of information security within the Firm.

Essential Experience

  • Experience of managing an ISO27001 certified information security management system
  • Experience of reviewing and agreeing the rolling audit schedule with the respective business owners
  • Extensive IT experience, including an information security role
  • Able to conduct risk assessments

Day Rate £negotiable. For further information contact Stuart Ringland on (0141) 530 4333 or email