Information Security Manager – GRC/ISO27001
Location: North London (Wembley area). Three days a week in the office are required.
Salary: up to £70,000 + benefits.
Key Responsibilities
- Helping the company achieve ISO27001 certification over the coming months
- Aligning the information security strategy across all companies in the group
- Supporting security and compliance matters and requirements
- Providing security subject‑matter expertise on projects undertaken by the business and acting as an advisor on all business security policy, security strategy and information risk management issues
- Supporting the execution of the general data privacy assessment processes (including third‑party assessments), internal control reviews and risk assessments to monitor compliance with information security policies and standards
- Working effectively with IT teams
- Assisting in developing and maintaining Security Incident Response Procedures and Data Breach Guidelines; reviewing and reporting on security incidents, potential incidents or other security risks and ensuring that appropriate corrective and preventative measures are implemented
- Working closely with the CISO to support risk remediation and solution design related to vulnerability scanning and penetration testing of critical assets
- Ensuring that the ISMS security, process and critical systems documentation is maintained/reviewed at appropriate levels and at designated review times
- Assisting in conducting internal IS audits, producing reports with recommendations for remediation and improvement
- Maintaining staff information security awareness
Must Haves
- Knowledge and experience of internal information security auditing based on ISO/IEC 27001 Information Security standards – ideally having been involved in an ISO27001 implementation
- Understanding and experience of successfully maintaining information security standards in a live multi‑country environment
- Knowledge of current information security legislative/regulatory requirements such as GDPR
- Knowledge of risk management/assessment and compliance principles as they relate to projects and operations
- Strong communicator with excellent written communication skills
- Strong analytical and organisational skills with the ability to work independently, as well as part of a wider team, with minimal supervision
- Positive attitude with an eagerness to learn and develop professional knowledge
Other Information
Seniority level: Mid‑Senior. Employment type: Full‑time. Job function: Information Technology. Industries: Transportation, Logistics, Supply Chain and Storage.
Please send your CV for immediate review.
- Location: Wembley
- Salary: £125,000 - £150,000
- Job Type: Full Time
- Category: IT & Technology