Information Security and Risk Manager

Job Description

An Information Security and Risk Manager is required for our client based in Manchester, for an initial 6-month contract. Currently working from home and then moving to a more hybrid model.

• Responsible for the implementation of locally and nationally agreed information assurance policies into IT security standards for new services and ongoing operations.
• Management of IT security practices in support of the accreditation of the client to use national systems.
• Responsible for the identification and escalation of IT security risks in sufficient time for mitigations to be carried out.
• Responsible for ensuring the inclusion of IT security standards into the technical architecture and architecture documentation.
• Represents IT requirements and good practice to Information Management in support for local information assurance policy development.
• Provides specialist cyber security leadership for the detection and remediation of IT security breaches.
• Represents the Intelligent Client and IS Branch at national, regional and local level as required.
• Attends branch and supplier board Meetings plus Workshop and Project meetings to give advice and make decisions from an Information & Security perspective.

Other Duties include:

• Provides IT security advice and support to the Information Security and Risk Lead on the design and implementation of information assurance policies taking account of IT Industry
• Implements local and nationally agreed information assurance policies into IS Branch IT security principles, technical solution designs and operational practices.
• Develops, maintains and delivers the IT Security plan to identify and mitigate risks and vulnerabilities in line with national standards.
• To liaise with Senior Branch and Divisional Managers and advise on appropriate IT security measures as required.
• Considers implications of emerging threats to IT security and advises on appropriate mitigations to protect the organisation against such threats, for example software versions, patching, and use of firewalls and gateways.
• Provide technical leadership in the detection and remediation of any technical security breaches.
• Supervising IS Security specialists contracted to contribute highly specialised technical knowledge.
• To act as the Crypto Custodian in line with national standards and procedures.
• Makes decisions at the appropriate time, taking into account the needs of the situation, priorities, constraints and the availability of necessary information.
• Represents the Intelligent Client function as appropriate and when required.
• Maintains the IS Branch risk register in consultation with management leads across the branch and SLT. Supports the risk management process.
• Provides the IT security risks for the IS Branch risk register including risks arising from in-house and 3rdparty services.
• Escalates urgent IT security concerns to SLT in sufficient time for action to be taken.
• Reports on IT security risks and issues to the Information Assurance Board.

Relevant national, international, industry and professional standards/legislation associated with the role. For example:

• Security Policy Framework.
• ISO 27000 series accreditation