Connecting linkedin

Information Security Manager- Control Assurance

  • Location

    London, England

  • Sector:

    Information Security

  • Job type:

    Permanent

  • Salary:

    Up to £80000 per annum + Bonus and benefits

  • Contact:

    Harry Moran

  • Contact email:

    harrym@montash.com

  • Salary high:

    80000

  • Salary low:

    0

  • Job ref:

    ISM_1561118412

  • Published:

    5 months ago

  • Expiry date:

    2019-06-28

  • Startdate:

    ASAP

Information Security Manager- Control Assurance

Overview: Montash is working with an exciting client in the Insurance sector who are currently looking for an Information Security Manager who is experienced with control assurance. The successful candidate will be required to develop an effective control assurance programme suitable for the organisation which will enable the Information Security function to test, identify and report on relevant controls which mitigate cyber risk.

Responsibilities:

  • Manage the cycle of assessments, review process and procedure, communication and co-ordination and communication with the business and relevant functions and report on the control environment posture for the region
  • Establish and develop a Control Assurance programme, using the latest control library and risk assessment programmes and incorporating into the enterprise risk framework
  • Act as the principle point of contact for assessing existing controls and identifying remediation opportunities to enhance controls
  • Highlight any areas for control efficiency and improvement
  • Ensure the controls are corresponding to the organisational risk and meet the necessary security requirements
  • Highlight and notify the risk management team of any gaps, ineffective controls or failure to meet regulatory standards
  • Produce reports on areas of concern, control status, prioritisation of control focus and plan and prepare assessments for reviews
  • Be aware of the Information Security asset register
  • Inform and guide the deployment of technical, administrative and physical controls
  • Support annual reviews of the security policies

Requirements:

  • Experience implementing, developing, maintaining and leading an effective information security control assurance programme
  • Experience using information security frameworks
  • Comfortable interacting with senior stakeholders
  • Experience performing security risk assessments and control assurance activities
  • Experience assessing requirements against regulatory, legal and policy-control frameworks
  • Expert knowledge of the General Data Protection Regulation
  • Ability to analyse and understand complex business technologies and processes to make recommendations
  • Proven experience interpreting and applying information security frameworks and standards (ISO/IEC 27001/27002, PCI-DISS, NIST Cybersecurity Framework) or attestation reports (SOC 1/2)
  • Knowledge and use of governance, risk and compliance platforms
  • Bachelor's degree or equivalent work experience
  • Certification such as- CISM, CISA, CRISC, CCSP, CISSP or CIPP (preferred but not essential)