Job Details

Information Risk Manager

London, Greater London, United Kingdom, £550, Contract

Posted: 23 days ago


Information Risk Manager, WFH/Remote, Initial 9 Month Contract, Up to £550 a day (Inside IR35)

Key Responsibilities/Duties
1 - Manage security and compliance risks in service delivery for key verticals and communicate with Business teams to understand all critical security requirements and risk scenarios.
2 - Engage in IRM program for the key accounts: define control framework; identify and evaluate risks; understand business context and prepare reports and recommendations.
3 - Coordinate with Incident management team during incidents and support investigation of security breaches.
4 - Perform annual Security Risk assessments and conduct related ongoing compliance monitoring activities in coordination with Privacy Officer and Legal Team members.
5 - Manage External ISO 27001 audit and coordination with auditors: plan out audit schedule and charter for corporate functions and coordinate with all internal stakeholders towards preparation.
6 - Assess, prepare and ensure all IT systems, policies and procedures fully comply with ISO 27001 SoA, security laws, rules and regulations.
7 - Conduct reviews to assess the service delivery control environment and evaluate adherence to client identified contractual requirements, policies and standards.
8 - PCI-DSS related activities including the identification of compliance gaps, the development of remediation plans, scan, PCI certification, documentation, monitoring compliance status, and ultimate attestation of compliance.

Key skills required
1 - Security certifications such as CISA, CISSP, CISM, CRISC, CCSK, CIPP IT, CIPP E etc.
2 - Strong knowledge of GDPR and the EU Data Protection Directive, PCI security requirements, SSAE 18/ISAE 3402, SOC 2 standards, rules and regulations.
3 - Proven experience in information security and risk management field, especially with Technology Risk Management/IT Audit in Enterprise organizations.
4 - Strong experience in understanding and deploying risk management and security frameworks such as NIST, ISF and ISO.
5 - Experience of SSAE/ISAE, SOC 2 and PCI-DSS, assessment and control implementation; ISMS implementation.
6 - In-depth understanding of network and system security technology and practices across all major computing areas (Network, Firewalls, Client Server, PC/LAN, telephony) with a special emphasis on Internet-related technology.
7 - Understanding of DLP and eDiscovery tools as well as mapping Data Flows and processes.
8 - Experience with ISO 27001 Information Security Management System, Risk Assessments, Evaluation of results/findings, IT GRC (Governance, Risk and Compliance) tools.

If you are interested in this opportunity, please apply now with your updated CV in Word/PDF format.

Notwithstanding any guidelines given to level of experience sought, we will consider candidates from outside this range if they can demonstrate the necessary competencies.

Square One is acting as both an employment agency and an employment business, and is an equal opportunities recruitment business. Square One embraces diversity and will treat everyone equally. Please see our website for our full diversity statement.
