RSR Regulatory Services is a market leading recruitment business dedicated to supplying experienced practitioners on a temporary, contractual or permanent basis to the Law Enforcement, Cyber Security, Offender Management and Regulatory Services talent markets

RSR Regulatory are currently recruiting for an Information Security Manager to work with our client on a permanent basis.

Based in the East Midlands, as the Information Security Manager, you will hold responsibility for identifying and managing the firm's risks around information/cyber security and data protection.

The ideal candidate will have previous experience of managing information/cyber security risks, ideally within a legal practice environment.

Practical experience of dealing with rights of individuals and managing incidents caused by individuals rather than systems would be desirable.

The salary offered for this role will be £60k - £70k, dependent on experience.

Main duties and responsibilities

• Management of the Information Security Management System (ISMS) including ISMS objectives to ensure compliance with ISO27001, cyber essentials plus, any other accreditations and client requirements

• Review, implement and embed information and cyber security policies

• Managing the annual internal audit program and conducting internal audits

• Identify and implement remediation actions required to close internal and external audit findings in a timely and effective manner

• Working with IT to ensure planning and execution of security testing is effective in identifying key security risks

• Responsibility for managing client audits/questionnaires relating to information/cyber security and for understanding the impact of client requirements around information/cyber security, ensuring appropriate escalation for approval

• Responsibility for managing the due diligence around information/cyber security and data protection in relation to suppliers and third parties to ensure compliance with ISO27001, other accreditations and client requirements

• Incident and breach management involving information/cyber security and data protection including escalation, mitigation, reporting and lessons learnt

• Completion and sign off of Data Protection Impact Assessments (DPIAs) ensuring that security and data protection is appropriately considered addressed and escalated, where appropriate

• Data protection compliance including managing risks with data owners, completion and review of Records of Processing Activities (ROPAs) and Legitimate Interest Assessments (LIAs)

• Responsibility for responding to data subject access requests and other rights of individuals

• Ensuring that effective training on information/cyber security and data protection is delivered in accordance with the R&C training plan and use of all channels to raise awareness to embed ISMS and security controls

• Responsibility for managing the agenda and actions and chairing our Information Security Group

• Collaborate with other functions within the business owners to provide expert advice on information and cyber security related activities and perform security assessments to ensure that the controls and security requirements are being implemented

• Preparing reports for Information Security Group, Risk and Compliance Committee and the Exec to help ensure that they have a clear understanding of key security risks

• Conceptualise and consideration of proposals for implementation ISO27701

Person Specification

• Proven working knowledge of ISO27001 and GDPR

• Information security and/or Information Technology industry certification (eg CISSP) strongly preferred

• Certified Information Security Manager (CISM) qualification is desirable

• Knowledge of ISO9001 is desirable

• Strong understanding of security controls to evaluate their effectiveness and the ability to make recommendations to reduce/control any risks identified

• Strong understanding of assurance methodologies and testing protocols

• Excellent communication skills, both written and oral and the ability to explain and advise succinctly on technical issues to non-technical individuals

• Ability to create and manage key relationships within the business

• Strong analytical skills with a pragmatic “problem-solving” approach with an ability to influence

• Has the confidence to take responsibility and work independently while keeping others informed of progress and escalating issues where appropriate

• Excellent organisational skills with the ability to plan, organise and prioritise tasks and projects to meet deadlines and adapt quickly to changing priorities

• Willing to spend time as required in the firm’s Birmingham, Exeter, London and Manchester offices

• Proven team player

• Ability to remain calm, controlled and resilient when under pressure

Occasional travel may be required to other offices around the UK.

If you would like to be considered for this position and have the relevant experience, then please apply now.

Due to the high volume of applications received, if you do not hear from us within 7 working days, I am afraid your application has been unsuccessful.

RSR Police is member of the Red Snapper Group.

The Red Snapper Group acts as an employment agency (permanent) and as an employment business (temporary) - a free and confidential service to candidates.

The Red Snapper Recruitment Group is an equal opportunities employer.

RSR Regulatory Services is a market leading recruitment business dedicated to supplying experienced practitioners on a temporary, contractual or permanent basis to the Law Enforcement, Cyber Security, Offender Management and Regulatory Services talent markets

RSR Regulatory are currently recruiting for an Information Security Manager to work with our client on a permanent basis.

Based in the East Midlands, as the Information Security Manager, you will hold responsibility for identifying and managing the firm's risks around information/cyber security and data protection.

The ideal candidate will have previous experience of managing information/cyber security risks, ideally within a legal practice environment.

Practical experience of dealing with rights of individuals and managing incidents caused by individuals rather than systems would be desirable.

The salary offered for this role will be £60k - £70k, dependent on experience.

Main duties and responsibilities

• Management of the Information Security Management System (ISMS) including ISMS objectives to ensure compliance with ISO27001, cyber essentials plus, any other accreditations and client requirements

• Review, implement and embed information and cyber security policies

• Managing the annual internal audit program and conducting internal audits

• Identify and implement remediation actions required to close internal and external audit findings in a timely and effective manner

• Working with IT to ensure planning and execution of security testing is effective in identifying key security risks

• Responsibility for managing client audits/questionnaires relating to information/cyber security and for understanding the impact of client requirements around information/cyber security, ensuring appropriate escalation for approval

• Responsibility for managing the due diligence around information/cyber security and data protection in relation to suppliers and third parties to ensure compliance with ISO27001, other accreditations and client requirements

• Incident and breach management involving information/cyber security and data protection including escalation, mitigation, reporting and lessons learnt

• Completion and sign off of Data Protection Impact Assessments (DPIAs) ensuring that security and data protection is appropriately considered addressed and escalated, where appropriate

• Data protection compliance including managing risks with data owners, completion and review of Records of Processing Activities (ROPAs) and Legitimate Interest Assessments (LIAs)

• Responsibility for responding to data subject access requests and other rights of individuals

• Ensuring that effective training on information/cyber security and data protection is delivered in accordance with the R&C training plan and use of all channels to raise awareness to embed ISMS and security controls

• Responsibility for managing the agenda and actions and chairing our Information Security Group

• Collaborate with other functions within the business owners to provide expert advice on information and cyber security related activities and perform security assessments to ensure that the controls and security requirements are being implemented

• Preparing reports for Information Security Group, Risk and Compliance Committee and the Exec to help ensure that they have a clear understanding of key security risks

• Conceptualise and consideration of proposals for implementation ISO27701

Person Specification

• Proven working knowledge of ISO27001 and GDPR

• Information security and/or Information Technology industry certification (eg CISSP) strongly preferred

• Certified Information Security Manager (CISM) qualification is desirable

• Knowledge of ISO9001 is desirable

• Strong understanding of security controls to evaluate their effectiveness and the ability to make recommendations to reduce/control any risks identified

• Strong understanding of assurance methodologies and testing protocols

• Excellent communication skills, both written and oral and the ability to explain and advise succinctly on technical issues to non-technical individuals

• Ability to create and manage key relationships within the business

• Strong analytical skills with a pragmatic “problem-solving” approach with an ability to influence

• Has the confidence to take responsibility and work independently while keeping others informed of progress and escalating issues where appropriate

• Excellent organisational skills with the ability to plan, organise and prioritise tasks and projects to meet deadlines and adapt quickly to changing priorities

• Willing to spend time as required in the firm’s Birmingham, Exeter, London and Manchester offices

• Proven team player

• Ability to remain calm, controlled and resilient when under pressure

Occasional travel may be required to other offices around the UK.

If you would like to be considered for this position and have the relevant experience, then please apply now.

Due to the high volume of applications received, if you do not hear from us within 7 working days, I am afraid your application has been unsuccessful.

RSR Police is member of the Red Snapper Group.

The Red Snapper Group acts as an employment agency (permanent) and as an employment business (temporary) - a free and confidential service to candidates.

The Red Snapper Recruitment Group is an equal opportunities employer.