What's the purpose of the job?
* Reporting to the Head of IT Operations and liaising with the Head of Infrastructure, the Information Security Manager will be responsible for maintaining Information Security policies and controls, in addition to application, infrastructure and network security reviews of local, national and international operations to ensure the security of all Information Security assets
* The Information Security Manager will be involved with the prevention, identification and detection of IT and information security risks over the entire business environment supporting the company's operations and key processes.
* The Information Security Manager will have ownership and overall control of the ISMS process.
* The Information Security manager will also be responsible for discussing the control weaknesses noted from the Information Security audits to local and/or senior management and develop recommendations to address them.
Information Security Management System (ISMS)
* Execute audits efficiently including analysis of business data and IT systems by liaising with the IT and other departments and/or as standalone technical reviews.
* Support and manage the on-going ISO 27001 audit activities including preparation for the annual audit by BSI.
* Assist the Head of IT Operations, with the planning and scoping of audits.
* Complete assigned tasks within specified times and provide concise and timely updates to the management.
* Support, manage and enhance the ISMS system including scheduling of audits, reviews and management of documentation.
* Carry out a continual improvement process with risk assessments in both methodology and scope by testing and evaluating operational & IT processes and the effectiveness of existing controls (encompassing policies, procedures and standards).
* Identify and clearly define control issues, including root causes. Review and evaluate the adequacy of internal controls and compliance with IT security policies and procedures.
* Develop and review policies, controls and standards where appropriate.
* Develop and monitor the Information Security audit schedule.
* Regularly interact and communicate with management to discuss the present audit results, gain acceptance and provide advice to remedy the audit issues or weaknesses discovered.
* Standardise the reporting format so audit results are communicated to senior management in a consistent fashion.
* Assist with Business Continuity Planning
* Training staff on network and information security procedures.
* Raising awareness of need for information security within the business.
Management and Planning
* Reviews, approves and directs the design and implementation of benchmarks, measurements and metrics used for measuring and improving the performance of the Information Security Management System.
* Monitors related industry trends, technological developments and emerging practices in the IT industry and business in anticipation of changing investor and internal needs and best practice.
* Liaises with the IT Manager to provide auditing support, security reviews and / or assist in the escalation of information breaches.
* Supervises and participates in on-going work by assisting IT in the generation of policies and procedures and maintaining a central, accessible repository of these documents.
What qualifications, skills and experience do I need?
* Certified to either CISSP or CISM level