Information Security Manager

Job Introduction

This is an exciting and challenging position for a commercially focused professional Information Security Analyst, who thrives on new challenges, possesses true entrepreneurial spirit and enjoys working in a fast-paced, highly flexible environment.

 

118 118 Money Keeps Britain Running! Life is sometimes messy, unpredictable and surprising — that’s where we come in. We provide personalised financial solutions so our customers can handle whatever lands in their path, to get back out there and get on.

 

Launched in 2013, we came to shake up the traditional UK financial services industry with our unsecured personal loan product. Always looking to challenge the status quo, we also recently launched the 118 118 Money Card, the first ever subscription-based credit card on the market.

Role Responsibility

Reporting to the Director of Information Security and DPO, the main responsibility of this role is to support the Information Security function in ensuring compliance with regulatory requirements. The successful candidate will play a key part in the maintenance and continual improvement of the global ISO27001:2013 certificate and be involved in ensuring compliance with GDPR and PCI-DSS, advising the business on risk management and expected controls aimed at mitigating risks through the systems and project lifecycles.

 

Key Responsibilities & Objectives

 

  • Provide risk identification and assessment into new projects as an Information Security SME
  • Create and maintain a program of security measurements, focusing on ISO27001, PCI-DSS and GDPR measures which will be of use to the senior executive team
  • Work closely with individual business units to understand Information Security needs and promote Information Security where needed
  • Work with the Information Security Director to respond to and manage security incidents
  • Investigate any new technology/best practices that could further enhance the information security position
  • Work in conjunction with other business security leads to share common practices
  • Maintenance of ISO27001:2013 certificate across two sites in the UK and the potential to grow to overseas sites
  • Participate in and manage external audits where applicable
  • Conduct internal audits in support of ISO27001 and risk strategies
  • Create and maintain a model of assessment of third party risks, working with the Information Security Director to deliver and continually improve
  • Work with the Information Security Director to create an ongoing awareness program for all staff, UK and overseas

The Ideal Candidate

Required Behaviours:

  • Disciplined Execution & Effective Communication
  • Accountability for Excellence
  • Organisational Collaboration & Stakeholder Management
  • Customer Insight: understand your customers and anticipate how Information Security can help
  • Ability to work independently with excellent attention to detail

 

Required Knowledge:

  • Understanding of ISO27001 Standard and requirements of an external audit
  • CISA, CISM, CRISC accreditation desirable
  • Knowledge of GDPR (general data protection) and PCI-DSS (protection of cardholder data)

 

Required Experience:

  • ISO27001:2013 framework, management of policies/processes and all clause requirements
  • Implementation and maintenance of PCI-DSS framework and working with external QSAs to achieve Report on Compliance (ROC)
  • Extensive experience of risk identification and assessment and introducing controls with support from business and technical groups
  • Participating in audits both internal and external and ability to manage these with internal participants
  • Create and manage a training and communications program promoting information security awareness

 

Required Skills:

  • Ability to communicate to all levels from adviser to executive
  • Excellent time management skills
  • Excellent communication and problem-solving skills; verbal and written
  • Analytical and problem solving skills
  • Ability to present ideas clearly in ways which are relevant to your audience
  • Willingness and ability to learn new technologies and concepts
  • Third party assessment to establish a risk landscape for our partners
  • Ability to work independently
  • A high attention to detail is required for this role