Information Security Manager - Corporate Governance, Risk, and Compliance
166116080
£65,000 - £70,000 Per Annum
Full Time
Permanent
Bristol, Bristol
IT
Posted 2 hours ago
Expires In 29 Days
Job Description
£70k + Bonus + Package, Based Bristol (Hybrid working)
This is an exceptional opportunity to work for our client, a global defence tech organisation.
In this exciting role the successful candidate will be responsible for providing Information Security support and advice to meet the needs of the UK business in line with all relevant policies, procedures, requirements, and standards. The successful candidate will also ensure the information security compliance of the corporate IT infrastructure against company and MoD policy requirements.
The Role:
- Ensure that Business Units demonstrate corporate consistency and compliance with company and MoD information security policies and other regulatory requirements (GDPR and DPA).
- Oversee company Supply Chain on-boarding approvals.
- Develop and implement a program leading to ISO27001 Certification.
- Conduct internal assessments and support Business Units in developing and maintaining effective security processes and procedures.
- Ensure a robust internal governance framework exists for compliance with company and MoD policies (SAL, F1686, DCPP).
- Develop and manage a program of risk assessment activity and provide support and guidance on implementation of risk management controls.
- Develop and manage an information security training awareness programme for all employees and implement a strong cultural awareness campaign.
- Support essential activity for the business continuity management program for all information assurance activities, including BCP testing and reporting.
- Work closely with IT and wider stakeholders to maintain the corporate security posture around enterprise systems.
- Manage and oversee information security accreditation requirements. This includes the maintenance of ISO and Cyber Essentials certification and supporting external compliance audits.
- Identify and implement continuous improvement in company information security processes, reflecting current best practices. Ensure that policies and processes benefit the business without unnecessary bureaucracy.
- Support the CISO in delivering the Information Security strategy.
- Knowledge and understanding of UK MOD and Government information security policies, processes, standards, and guidance.
- Previous experience in a similar role working as an information security manager with knowledge and experience of UK MOD and Government information security policies, processes, standards, and guidance.
- Experience in risk management including the creation of information security risk assessments, risk acceptance criteria and risk treatment plans.
- Experience of security audit and compliance in accordance with ISO 27001 or other recognisable frameworks.
- Experienced in teamwork and collaboration.
- The ability to proactively build and manage effective communication within a group or team.
- In line with company Baseline Security requirements, candidates will be asked to provide evidence of identity & eligibility to work in the UK.