Opportunities for permanent roles in a range of business sectors

Information Security / Project Manager

Are you able to deliver the ISO27001 certifications and establish an Information Security Management System? Sepura are looking to appoint an Information Security/Project Manager to oversee key improvements and customer-facing projects.

Main duties

  • Deliver ISO27001 certification including:
    - Assess business readiness for ISO27001
    - Develop gap analysis from current to future state
    - Work with the business to identify required changes in behaviours to meet certification
    - Develop an Information Security Management System aligned with the requirements of ISO27001
    - Create a Security Management Plan
    - Coordinate workstreams to achieve certification
  • Implementation and maintenance of an information security policy framework (policy, standards and guidelines), reflective of statutory, regulatory and contractual security requirements
  • Implement policies and procedures (in accordance with ISO27001), incorporating contractual obligations
  • Provide security advice and guidance to the business, including the handling of 3rd party intellectual property
  • Ensure that security risks are identified, assessed and appropriate recommendations recorded
  • Work with all areas of the business to ensure that strategies relating to Information Security align to company requirements and contractual obligations
  • Engage with stakeholders to discuss security issues and opportunities for enhancement to contribute to Sepura's continual improvement
  • Contribute to staff security awareness (environmental and information security)
  • Coordinate the delivery of both customer-facing and internal projects and deliverables

This role will require the candidate to be UK Security Cleared (SC).

Experience

Essential:

  • Successful planning and implementation of ISO27001
  • Good understanding of interdependencies between ISO27001 and other ISO standards
  • Experience of establishing and maintaining an Information Security Management System in a large, complex environment
  • Proven track record of supporting the development of information security policies which are effective and easily understood
  • Considerable experience in supporting and understanding customer needs

Desirable:

  • Experience leading cross-functional teams and projects to drive business improvements
  • Experience managing external suppliers and customers
  • Experienced in performing risk, business impact, control and vulnerability assessments, and in defining treatment strategies
  • Experience conducting information security risk assessments
  • Experience of regulatory governed environments

Skills

Essential:

  • Understanding of process improvement concepts
  • Understanding of security concepts, protocols, industry best practice and strategies
  • Demonstrable knowledge of core security principles and controls

Desirable:

  • Understanding of GDPR and data sovereignty principles
  • Cloud security principles
  • An understanding of Governance, Risk and Compliance and its application within an organisation
  • Understanding of Risk Management and methodology
  • Project management principles and methodologies

Qualifications

Desirable:

One of the following certifications:

  • CISSP
  • SSCP
  • ISO27001 Lead Auditor or Lead Implementer
  • CISA
  • CISM
  • NCSC certified practitioner

Attitude

Essential:

  • Highly motivated individual with strong initiative and drive to achieve
  • Flexible and hardworking
  • Self-motivated and able to use own initiative
  • Enthusiastic and approachable, with excellent influencing skills
  • Good sense of humour and happy to "pitch in" and help out as required
  • Understanding of the sensitivity of the role and prepared to submit to, or already in possession of, security vetting to SC level

Desirable:

  • Innovative and passionate about delivering and maintaining an exceptional customer experience