Information Security Manager

  • Permanent, full-time
  • Bristol
  • Posted 4 weeks ago

The main purpose of this important new role is to develop and manage the Information Security Framework across the firm.

Key responsibilities

  • Coordinate internal efforts toward maintenance of relevant information security standards as the firm sees fit to adopt (e.g. ISO 27001) and a culture of continuous improvement
  • Ensure adherence to, communication of and training in Information Security policies, procedures and guidelines
  • Manage the Information Security aspects of client bids, on-boarding and audits
  • Deliver Information Security reporting, presentations and KPIs
  • Provide representation on external Information Security groups

Information Security Management Framework

  • Increase awareness of Information Security Management across the firm through development of training, intranet communications and high level support (with the IT training team)
  • Support the Risk and Compliance team, COLP and COFA in their work to manage risk and security across the firm
  • Maintain appropriate Information Security risk registers and remediation measures with business managers, CCP and IT/Risk and Compliance managers
  • Co-ordinate all required policies and guidelines for Information Security and provide guidance to policy owners on how to achieve compliance with required standards
  • Co-ordinate and deliver the internal audit regime

Information Security

  • Ensure that all documentation complies with client requirements, ISO 27001 (or appropriate certifications) and firm policy in order to safeguard confidentiality and integrity of business information
  • Manage, maintain and regularly review security and compliance regime for ISO 27001 and other appropriate certifications
  • Co-ordinate day-to-day monitoring, detection, prevention and operation of our security breach process
  • Produce Information Security risk indicators, including heat maps / models
  • Organise the monthly Information Security Report showing trend analysis and client reports
  • Plan annual management review

Management of client bids, client on-boarding and client DDQs

  • Respond to and support the bid process with regards to Information Security related issues
  • Manage response to Client’s Information Security questionnaires
  • Implement Information Security controls for new clients and/or where new services are delivered
  • Coordinate and manage scheduled audits by external auditors or clients

Continuous Improvement

  • Ensure that all measures implemented are reviewed and audited regularly to meet the needs of auditors and ensure compliance
  • Identify areas of improvement for risk management, recommending and implementing best practice where appropriate

Supplier management

  • Ensure Supplier DDQs are carried out and reviewed for suppliers
  • Support R&C with contract review in relation to InfoSec clauses and requirements

We are looking for

  • The successful candidate will ideally be trained and qualified as an ISO27001 Lead Auditor (although other relevant qualifications will be valuable) with previous hands-on experience undertaking a similar role. You’ll also have an understanding of a Legal environment and the Information Security landscape.

Technical requirements:

  • Professionally qualified in one of CISSP/CISM/CISA, with an awareness of applicable data privacy practices and laws
  • Good understanding of the technologies available to improve system availability and meet Business Continuity goals
  • Broad-ranging consultancy skills (problem solving, change management, influencing, communication, research, data collection and analysis, process mapping, creative thinking, negotiation, etc.)
  • An understanding of project management principles

More generally:

  • Outstanding communication skills
  • Experience working in a multi-site team
  • Ability to present ideas in business-friendly and user-friendly language across multiple geographies
  • Excellent understanding of the firm’s goals and objectives
  • Ability to effectively prioritise and execute tasks in a high-pressure environment
  • Keen attention to detail in terms of both tasks and communications
  • Good interpersonal skills and able to interact with people at all levels
  • Able to command respect of highly technical teams and influence at senior levels of the firm