Title: Information Security Manager
Division: Group Functions
Location: Stoke
Banding: 6
Contract: Permanent
Closes On: Monday 07 January 2019

The client is a Nationwide Claims Management, Insurance and Customer Solutions Provider who is recruiting for an Information Security Officer to be based in Stoke on Trent, providing nationwide support including Ireland. The role will include support for a small number of entities in Bermuda, USA and Canada.

The role will be responsible for the development and delivery of a comprehensive information security and privacy programme for the Group. The ISO will be required to provide support and advice to the business on all aspects of information risk, including information security, data protection and privacy. In addition, the role is to manage information security governance projects and initiatives and to assist the business in defining appropriate controls to manage risks associated with all information (including personal and business data). The scope is Group-wide and includes information primarily in electronic format, with a smaller percentage of manual data. The role will report to the Corporate Services Director.

Job Purpose/Duties and Responsibilities:

The main role and responsibilities of the Information Security Officer are to provide and develop the following:

Policy: Coordinate the development of the Group's information security policies, standards and procedures. Work with key IT stakeholders and the Information Security and Business Continuity Group to develop such policies. Ensure that policies support compliance with external requirements.

Education and Training: Coordinate the development and delivery of an education and training programme on information security and privacy matters for employees and suppliers.

Compliance: Serve as the Group's Information Security Officer with the Group's Clients. Work as the Data Protection Officer.
Work with Clients at the tender stage and throughout the lifetime of the Client contract for information security changes and audits. Oversee Data Subject Access requests. Manage the Group's ISO27001 accreditation to ensure maintenance and compliance with accreditation requirements.

Risk Management: Manage and complete information risk and information security reviews, including due diligence of third parties.

Incident Response: Develop and implement an Incident Reporting and Response System to address security incidents (breaches) and respond to alleged policy violations or complaints from external parties. Serve as the Group's official contact point for information security and privacy infringement incidents.

Official Contact: Serve as the Group's designated representative on Information Security matters, including external and internal audits and client requests on security, data and privacy matters.

Business Continuity: Input to the development, implementation and enhancement of the Business Continuity Framework.

Information Security and Business Continuity Group (IS&BC Group): Manage the Group's IS&BC Group.

Maintain Knowledgebase: Keep abreast of the latest security, data and privacy legislation and regulation, in particular ISO27001, GDPR and PIPA.

Skills & Experience:

To be successful in the role, you will have relevant experience in an IT and IT Information Security role, as well as extensive knowledge of Information Security and Cyber risk and control frameworks and practical experience of implementing risk management improvements or performing oversight. You will be an excellent communicator, both written and verbal, at all levels, and have a strong track record of building positive relationships at a senior level, providing constructive support and challenge to Directors.
Sound practical knowledge of Information Technology Standards including ISO27001, PCI accreditation, PIPA an advantage.

Qualifications:

Preferable but not essential to hold a recognised information security qualification such as Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), ISO audit qualification or similar.

Experience:

Experience of the Data Protection Act and new GDPR
5 years' experience in a senior technical IT infrastructure role
Experience in a similar Information Security role
Driving Licence essential

Are you a Davies Person?

All Davies Group employees need to be able to demonstrate our Big IDEA: Inspire, Deliver, Empower and Aspire. It is essential that all employees embed these behaviours in line with their job role.