Information Security Manager - Public Sector - Basingstoke, Hampshire, United Kingdom
Pay: £320 a day
Full time hours
Duration: 1 month initially
Scope: Inside IR-35
Purpose of the role:
- The role will be responsible for information security management.
- Management of audits on information security processes, controls and systems in order to maintain ISO27001, PCI and PSN certification.
- The post holder will lead the council in setting and maintaining good IT information security practice, while coordinating closely with the Enterprise Security Architect to ensure technology and processes support the overall security.
- Develop and maintain the information technology security policies and accompanying standards, procedures and guidelines, including attendance at any boards, or governance/working groups for operating and maintaining security controls and as required throughout.
- Develop and deliver a programme of planned compliance reviews and work with the IT team and Enterprise Security Architect to ensure that any gaps are addressed whilst developing and documenting procedures.
- Promote security awareness through developing and implementing a security awareness and training programme, including annual refreshers for all IT staff and wider, where applicable.
- Investigate potential and validated security incidents in accordance with the security incident management process, developing reports and recommendations that will assist with execution and traceability of required remedial actions.
- Reporting, analysing and developing plans that will assist in reducing the impact severity and frequency of security incidents in conjunction with Problem Management, including the provision of regular reports to IT Management about current security posture, threats and trends.
- Respond to enquiries from IT staff and provide security and data protection advice as required.
- Work with internal stakeholders to develop relationships and to help promote, educate and improve information security awareness at all levels.
- Supporting the council's efforts in maintaining our ISO27001 certification, internal audit activities related to security, and ensuring IT evidence requirements are met for PSN, PCI and other compliance returns.
- Educated to degree level or substantial work experience at a level demonstrating graduate ability.
- Experience of working with IT Security baselines ISO/IEC 27001 or higher
- Experience of working in a regulated and/or financial industry
- Good working knowledge of information security including ISO27001 Information Security Management Standard
- Ability to lead and deliver change and contribute to cultural change successfully.