Job Description
Information Security Manager (July 21)
Read all the information about this opportunity carefully, then use the application button below to send your CV and application.
ABOUT XCEPTOR
Xceptor delivers no-code automation software across the enterprise. We make data ingestion, data transformation, and process digitisation easy. Automation. Simply. Globally
OUR APPROACH
Our Clients: We pride ourselves on our straightforward and honest approach from a project and commercial perspective. As banking, financial services, and insurance specialists, our proven deployments enable us to grow strong, global relationships, and build an impressive client list of industry leaders. Want an independent viewpoint? Read recent analysis from Forrester and HfS on www.xceptor.com
Our Partners: Our ability to deliver great automation solutions is validated through our existing utility, consultancy, and technology partnerships, with the likes of EY, DTCC, Cognizant, and Finastra.
Our Platform: Our no-code automation platform for end-to-end and complex processes enables clients to leverage the right technology, at the right time, to drive the right outcomes. A single, common platform delivers client solutions, packaged solutions, and industry utilities, giving everyone access to the same technology, no matter the size, or the scale, of the challenge.
Our Values: Ambition is in our DNA and weembrace the opportunities ahead. Our curiosity and desire to grow drives us to learn from our customers and those around us. Our people are empowered, accountable and deliver. We pull together, step up and focus on outcomes. The brilliance of our people makes a positive difference to our clients’ ambitions. We are Xceptor.
THE ROLE
The Xceptor Information Security Manager is responsible for driving info Sec and risk management activities within the organisation. The role requires strong collaboration with groups across the business in order to define & execute the Info Sec strategy, with particular focus on gaining and maintaining ISO 27001 certification and potentially SOC II Type II reporting.
The role takes responsibility for information security across the operation, including proactive security activities, reactive activities should an incident occur and supporting sales activities to respond to info sec questions and RFPS that arise from customers.
This is an opportunity to shape how Xceptor operates in this critical area, ensuring best in class practices are adopted and evolve as the threat landscape changes.
DUTIES AND RESPONSBILITIES
- Establish and own the ISMS; own the plan for the organisation to achieve ISO 27001 in an agreed timescale
- Produce and maintain documentation to support the organisation - policies, procedures and guidance as appropriate to the ISMS
- Ensure that full security risk assessments are undertaken, the risk register is maintained and the risks are actively managed and treated. Develop and manage risk counter measures and treatment plans as required
- Act as a champion for improving the information security processes within the organisation, working closely with Development, SaaS, Delivery and the corporate IT functions to ensure designs, processes and controls are appropriate and challenging existing practices where appropriate.
- Implement an effective awareness and training programme for all relevant staff and monitor its quality and effectiveness
- Report progress to senior management and other key stakeholders, ensuring a sound, comprehensive status is reported and all issues, risks and exposure are highlighted in a timely and effective manner
- Provide support and guidance to stakeholders including providing management information on the status if the ISMS and progress towards certifications
- Set and agree security objectives for the organisation and monitor security performance, including the timely investigation and communication of security incidents, together with driving post-mortem activities.
- Liaise with external assessment bodies to ensure maintenance of the ISMS and certifications
- Manage or participate in any security reviews, and report on lessons learned as part of a continuous process improvement
- Manage Xceptor’s ongoing information security programme to ensure continued alignment with best practice
- Continually develop professional skills and experience including networking with other organisations to share best practice
- Maintain up to date knowledge of all current information security legislation and best practice guidelines
- Support client activities where information security activities are required, including assisting with RFP responses, client questionnaires, client audit requirements etc, developing mechanisms to make such work efficient and consistent
REQUIREMENTS AND QUALIFICATIONS
The Successful candidate will be able to evidence:
- Experience driving ISO 27001 practices and their role enabling an organisation to achieve and maintain certification
- Experience enabling an organisation to meet SOC II requirements
- Demonstrable skills owning, articulating and driving activities through other teams in order to achieve organisation-wide security objectives
- Strong written and verbal communication skills, including the ability to create clear documentation and presentations to explain activities, requirements, plans, issues etc to interested parties
- Experience managing responses to Information Security Questionnaires, RFPs and customer audits
- Strong IT literacy and technical awareness; able to work and communicate at different levels across technical / non-technical teams in order to achieve the necessary outcomes
- Qualifications – one of CISSP, CISM, ISO27001 Lead Auditor strongly preferred
- Degree/MA/Academic qualification in Computer Science or Engineering would be beneficial
In return we will offer exposure to global, blue-chip clients and an unparalleled experience of best practice. This is a fast-paced, dynamic, and highly collaborative environment where there are significant opportunities for growth and development.
Xceptor is an equal opportunities employer and welcomes applications from all sections of society and does not discriminate on grounds of race, religion or belief, ethnic or national origin, disability, age, citizenship, marital, domestic or civil partnership status, sexual orientation, or gender identity or any other basis as protected by applicable law.