What is the purpose of this role in the delivery of our mission? 

The Information Security Manager will be responsible for the operational and process assurance activities related to the confidentiality, integrity and availability of information in compliance with the Company’s information security policies. The successful candidate will have a keen focus on security governance, risk and compliance, whilst being able to collaborate closely with cross-functional teams to identify vulnerabilities, assess risks and develop preventive measures.

What are the key responsibilities / activities of the role: 

• Provide day-to-day advice on cyber and information security issues

• Conduct regular security risk assessments to identify potential vulnerabilities and threats

• Collaborate with internal stakeholders to evaluate the impact of identified risks and develop appropriate risk mitigation plans

• Monitor and analyse security platforms to proactively identify and address emerging risks

• Maintain information security policies, standards, and processes in coordination with internal security and business stakeholders

• Stay up to date on the latest IT security trends, technologies, and best practices

• Provide guidance and support to internal teams on security risk management

• Manage and maintain the Company’s compliance with SOC 2 Type 2, ISO 27001, Cyber Essential Plus and CSA STAR.

• Develop the Company’s education and awareness of security

• Liaise with external partners, vendors, and regulatory bodies on security related matters

• Maintenance and development of the Company ISMS

• Vendor and supplier relationship management

• Provide guidance and support to team members

What are the essential skills, qualifications and experience required for the role?

• A proactive attitude

• Excellent communication and interpersonal skills

• Ability to work independently and collaboratively in a fast-paced environment

• Ability to adapt and work in a truly international and fast-paced business

• Prior experience with SOC 2, ISO 27001, NIST CSF, and CSA CCM frameworks.

• In-depth knowledge of IT security and data protection principles, practices, and technologies

• Experience conducting risk assessments and developing risk mitigation strategies

• Experience in facilitating and supporting internal and/or external audit activities

What are the desirable skills, qualifications and experience that would be beneficial for the role? 

• Financial services experience is beneficial

• Security certifications are beneficial

• Takes an active role within UK wide Security bodies, forums and initiatives