Information Security/Project Manager in Cambridge at Sepura

Date Posted: 10/24/2019

Job Snapshot

Job Description

Are you able to deliver the ISO27001 certifications and establish an Information Security Management System? Sepura are looking to appoint an Information Security/Project Manager to oversee key improvements and customer facing projects

Main duties

  • Deliver ISO27001 certification including:
    - Assess business readiness for ISO27001
    - Develop gap analysis from current to future state
    - Work with the business to identify required changes in behaviours to meet certification
    - Develop an Information Security Management System aligned with the requirement of ISO27001
    - Create Security Management Plan
    - Coordinate workstreams to achieve certification
  • Implementation and maintenance of an information security policy framework (policy, standards and guidelines), reflective of statutory, regulatory and contractual security requirements
  • Implement policies and procedures (in accordance with ISO27001), incorporating contractual obligations
  • Provide security advice and guidance to the business, including the handling of 3rd party intellectual property
  • Ensure that security risks are identified, assessed and appropriate recommendations recorded
  • Work with all areas of the business to ensure that strategies relating to Information Security align to company requirements and contractual obligations
  • Engage with stakeholders to discuss security issues and opportunities for enhancement to contribute to Sepura's continual improvement
  • Contribute to staff security awareness (environmental and information security)
  • Coordinate the delivery of both customer-facing and internal projects and deliverables

This role will require the candidate to be UK Security Cleared (SC)

Job Requirements

Experience

Essential:

  • Successful planning and implementation of ISO27001
  • Good understanding of interdependencies between ISO27001 and other ISO standards
  • Experience of establishing and maintaining an Information Security Management System in a large, complex environment
  • Proven track record of supporting the development of information security policies which are effective and easily understood
  • Considerable experience in supporting and understanding customer needs

Desirable:

  • Experience leading cross-functional teams and projects to drive business improvements
  • Experience managing external suppliers and customers
  • Experienced in performing risk, business impact, control and vulnerability assessments, and in defining treatment strategies
  • Conducting information security risk assessments
  • Experience of regulatory governed environments

Skills

Essential:

  • Understanding of process improvement concepts
  • Understanding of security concepts, protocols, industry best practice and strategies
  • Demonstrable knowledge of core security principles and controls

Desirable:

  • Understanding of GDPR and data sovereignty principles
  • Cloud security principles
  • An understanding of Governance, Risk and Compliance and its application within an organisation
  • Understanding of Risk Management and methodology
  • Project management principles and methodologies

Qualifications

Desirable:

One of the following certifications:

  • CISSP
  • SSCP
  • ISO27001 Lead Auditor or Lead Implementer
  • CISA
  • CISM
  • NCSC certified practitioner

Attitude

Essential:

  • Highly motivated individual with strong initiative and drive to achieve
  • Flexible and hardworking
  • Self-motivated and able to use own initiative
  • Enthusiastic, approachable with excellent influencing skills
  • Good sense of humour and happy to "pitch in" and help out as required
  • Understanding of the sensitivity of the role and prepared to submit to or already possess security vetting to SC level

Desirable:

  • Innovative and passionate about delivering and maintaining an exceptional customer experience

Not Ready to Apply?

If you’re interested in career opportunities, but not ready to apply, join our Talent Network to stay connected to us and receive updates on the latest job opportunities and company news.