Information Security Manager

Hexagon's Safety, Infrastructure & Geospatial division

Salary Not Specified

Hexagon's Safety, Infrastructure & Geospatial division, Dogridge, Wiltshire

  • Full time
  • Permanent
  • Remote working

Posted 2 weeks ago, 3 May

Closing date: Not specified

Job Ref: f4459faa29df41cd89be713fd76d5895

Full Job Description

  • Maintain and continuously improve the ISO 27001 framework and Information Security Management System (ISMS).

  • Develop a complete set of corporate Information Security policies and standards and continually monitor the information security controls, KRIs/KPIs and technical landscape.

  • Lead on compliance reviews, certifications, and accreditations (e.g. ISO 27001, Cyber Essentials, GDPR, etc.).

  • Implement effective and appropriate governance, risk and compliance controls and measures to protect systems and data.

  • Maintain an awareness of industry trends in the Information Security field, leveraging such knowledge towards a modern, pragmatic, and enforceable security posture.

  • Articulate current and emerging security threats with relevant stakeholders, acting as a trusted advisor through the remediation process.

  • Develop Information Security compliance frameworks, policies and procedures, to safeguard the resilience and efficiency of the SIG UK business unit.

  • Work with business, internal IT and 3rd party vendor teams to promote and adopt security best practices.

  • Validate, through regular security assessments, internal and customer deployed solutions for security best practices and recommend changes to enhance security and reduce risks, where applicable.

  • Contribute as necessary to the SSDLC and DevSecOps workstreams and initiatives.


Key Relationships

  • Principal Technology Consultant, your line manager

  • All internal staff of SIG UK

  • SIG global staff related to security management.

  • Hexagon MIS staff (internal IT Dept)

  • External 3rd parties provisioning components of our IT solutions and deployments

  • External suppliers of Security tooling, and/or consultancy

  • Customer bid/Information Security teams.


  • Comprehensive understanding of Information Security Frameworks (e.g. ISO 27001, NIST CSF, GovS 007 and Cyber Essentials) and the UK Data Protection Act 2018, including GDPR.

  • Monitoring and reporting on compliance with security and data protection policies, as well as the enforcement of policies.

  • Working knowledge of Security Architecture and the potential security issues related to PaaS, IaaS and SaaS, and an understanding of IAM and Data Loss Prevention in a Microsoft Azure environment.

  • Knowledge of security technologies such as IDS/IPS, vulnerability testing and Firewalls.

  • Able to conceptualise multi-layered security models throughout the technical stack, ensuring that the attack surface is limited and mitigated by complementary controls.

  • Familiar with HMG Security Policy Framework requirements and Government Security Classifications.

  • Must be a strong and empathetic communicator and capable presenter, able to articulate complex subjects across a variety of audiences, both technical and non-technical.

  • Able to pragmatically approach divisive issues, balancing requirements and eliciting compromise to overcome barriers.

  • Must be a confident collaborator with established and disparate teams.

  • Must be capable of working individually or as part of a matrix team.

  • Degree qualified and/or MSc Information Security desirable.

  • CISSP, CCSP, CISM, Cybersecurity or similar certifications.

  • ISO 27001 Lead Implementer or Lead Auditor certification.

  • Must be capable of attaining NPPV3/SC security clearance.

  • 25 days Company Holiday

  • Hybrid Working, 1 day at the office

  • Life cover 4x salary

  • PHI Insurance

  • Company Pension

  • Achievement and Service awards