- £320 - Day
- 1 month ago
Information Security Manager The role will be responsible for information security management for Hampshire County Council.
Management of audits on information security processes, controls and systems in order to maintain ISO27001, PCI and PSN certification.
The post holder will lead the council in setting and maintaining good IT information security practice, while coordinating closely with the Enterprise Security Architect to ensure technology and processes support the overall security posture of the council.
You will need to be able to work collaboratively with stakeholders within the organisation as well as with external vendors.
This will require excellent communication, presentation and influencing skills.
You should have a strong working understanding and experience within Information Technology with a clear understanding of the challenges of supporting and sustaining information security.
You will require excellent analytical and problem-solving skills to identify improvements and areas of risk to be addressed.
Main Responsibilities: To develop and maintain the information technology security policies and accompanying standards, procedures and guidelines, including attendance at any boards, or governance/working groups for operating and maintaining security controls and as required throughout the council.
To develop and deliver a programme of planned compliance reviews and work with the IT team and Enterprise Security Architect to ensure that any gaps are addressed whilst developing and documenting procedures.
To promote security awareness through developing and implementing a security awareness and training programme, including annual refreshers for all IT staff and wider, where applicable.
To investigate potential and validated security incidents in accordance with the security incident management process, developing reports and recommendations that will assist with execution and traceability of required remedial actions.
Reporting, analysing and developing plans that will assist in reducing the impact severity and frequency of security incidents in conjunction with Problem Management, including the provision of regular reports to IT Management about current security posture, threads and trends.
Respond to enquiries from IT staff and provide security and data protection advice as required.
Work with internal stakeholders to develop relationships and to help promote, educate and improve information security awareness at all levels.
Supporting the council’s efforts in maintaining our ISO27001 certification
Expired 6 days ago