Information Security Manager
Hexagon's Safety, Infrastructure & Geospatial division
Salary Not Specified
Hexagon's Safety, Infrastructure & Geospatial division, Dogridge, Wiltshire
- Full time
- Permanent
- Remote working
Posted 2 weeks ago, 3 May
Closing date: Not specified
Job Ref: f4459faa29df41cd89be713fd76d5895
Full Job Description
- Maintain and continuously improve the ISO 27001 framework and Information Security Management System (ISMS).
- Develop a complete set of corporate Information Security policies and standards and continually monitor the information security controls, KRIs/KPIs and technical landscape.
- Lead on compliance reviews, certifications and accreditations (e.g. ISO 27001, Cyber Essentials, GDPR etc.).
- Implement effective and appropriate governance, risk and compliance controls and measures to protect systems and data.
- Maintain an awareness of industry trends in the Information Security field, leveraging such knowledge towards a modern, pragmatic, and enforceable security posture.
- Articulate current and emerging security threats with relevant stakeholders, acting as a trusted advisor through the remediation process.
- Develop Information Security compliance frameworks, policies and procedures, to safeguard the resilience and efficiency of the SIG UK business unit.
- Work with business, internal IT and 3rd party vendor teams to promote and adopt security best practices.
- Validate, through regular security assessments, internal and customer-deployed solutions against security best practices, and recommend changes to enhance security and reduce risk where applicable.
- Contribute as necessary to the SSDLC and DevSecOps workstreams and initiatives.
KEY RELATIONSHIPS
- Principal Technology Consultant, your line manager
- All internal staff of SIG UK
- SIG global staff related to security management
- Hexagon MIS staff (internal IT dept.)
- External 3rd parties provisioning components of our IT solutions and deployments
- External suppliers of security tooling and/or consultancy
- Customer bid/Information Security teams
- Comprehensive understanding of Information Security frameworks (e.g. ISO 27001, NIST CSF, GovS 007 and Cyber Essentials) and the UK Data Protection Act 2018, including GDPR.
- Monitoring and reporting on compliance with security and data protection policies, as well as the enforcement of those policies.
- Working knowledge of security architecture across PaaS, IaaS and SaaS and the security issues associated with each, and an understanding of IAM and Data Loss Prevention in a Microsoft Azure environment.
- Knowledge of security technologies such as IDS/IPS, vulnerability testing and firewalls.
- Able to conceptualise multi-layered security models throughout the technical stack, ensuring that the attack surface is limited and mitigated by complementary controls.
- Familiar with HMG Security Policy Framework requirements and Government Security Classifications.
- Must be a strong and empathetic communicator and capable presenter, able to articulate complex subjects across a variety of audiences, both technical and non-technical.
- Able to pragmatically approach divisive issues, balancing requirements and eliciting compromise to overcome barriers.
- Must be a confident collaborator with established and disparate teams.
- Must be capable of working individually or as part of a matrix team.
- Degree qualified and/or MSc Information Security desirable.
- CISSP, CCSP, CISM, Cybersecurity or similar certifications.
- ISO 27001 Lead Implementer or Lead Auditor certification.
- Must be capable of attaining NPPV3/SC security clearance.
- 25 days company holiday
- Hybrid working, 1 day at the office
- Life cover 4x salary
- PHI insurance
- Company pension
- Achievement and service awards