Information Security Manager (JK2003)
Location: Home based
Sector: Security Operations
We are working with a high-impact healthcare technology business seeking an experienced Information Security Manager to take ownership of all aspects of information and cyber security. You will lead, develop and implement infosec programmes to enable the business to continue to build technology that genuinely improves and saves lives. This organisation has played a vital role in the pandemic, supporting Covid testing.
You will play a critical part in supporting my client when they expand internationally.
We are looking for someone with a relentless drive and passion to improve infosec, and someone willing to grow into a strategic leadership role in the organisation.
The ideal split would be 70% InfoSec and 30% engineering/operations experience, as you will be interacting with and advising the engineering teams on a daily basis.
● Develop and deliver against a prioritised, risk-based information security roadmap; track and report its progress.
● Define, implement and document security standards, including governance, policies, processes and solutions aligned with industry best practices.
● Ensure that 1st line control owners are abiding by information security standards and policies.
● Play a pivotal role in the selection, application and configuration of security architecture across the estate.
● Develop and manage an outsourced Security Operations Centre.
● Conduct gap analysis and audit programmes against key information security frameworks, e.g. NIST, SOC 2, HIPAA, ISO 27001, GDPR.
● Interface with the technology function to steer and guide in relation to DevSecOps best practices.
● Provide guidance to the wider business on information security.
● Manage relationships with 3rd party vendors and contracted service providers.
● 4+ years' experience across information security management, application security, network security and security incident management.
● Excellent stakeholder management skills, with an ability to understand and communicate technical detail to a non-technical audience.
● Excellent knowledge and understanding of regulatory/compliance requirements in information security and data protection.
● Good understanding of how to apply information security best practice to greenfield and scale-up environments.
● Good technical knowledge of cloud-native organisations.