Information Security Management System Manager (London)

Insight Investment Group

London

On-site

GBP 50,000 - 90,000

Today

Job summary

An established industry player is seeking an Information Security Management System (ISMS) Manager to lead their Cyber Security team in London. This pivotal role involves developing and maintaining an ISMS compliant with ISO27001, managing information security risks, and ensuring compliance with legal standards. The ideal candidate will possess strong analytical skills, relevant certifications, and the ability to communicate effectively with senior leadership and stakeholders. Join a forward-thinking organization committed to maintaining the highest standards of information security while fostering an inclusive work environment.

Qualifications

  • Experience with ISO27001 and managing information security in a global context.
  • Ability to communicate complex security issues effectively to stakeholders.

Responsibilities

  • Develop and maintain the Information Security Management System (ISMS).
  • Oversee risk management processes and ensure compliance with regulations.
  • Support security training and foster a culture of security-first thinking.

Skills

Information Security Management

Risk Management

ISO27001 Compliance

Incident Management

Communication Skills

Analytical Skills

Education

Relevant Certifications (CISSP, CISM, etc.)

Tools

ISO27001

NIST Standards

Job description

Insight Investment is looking for an Information Security Management System (ISMS) Manager to join the Cyber Security team in London. Working within the CISO team as the designated ISMS Manager and acting as an information security subject matter expert, you will have a broad range of expertise across information security, cyber and data protection, and be able to support, maintain and establish good practice security processes and controls across the organisation, as well as articulate the current information security maturity posture to senior leadership.

Role Responsibilities

ISMS Implementation & Maintenance

  • Develop, implement, and maintain the Information Security Management System (ISMS) and associated processes in compliance with ISO27001 and other relevant security standards.
  • Establish and maintain documentation relevant to the management of the ISMS.
  • Ensure continuous improvement of the ISMS by identifying gaps and supporting the implementation of corrective actions.
  • Ensure the requirements of ISO22301 and the BCMS are integrated within the ISMS.

Governance

  • Maintain and chair the ISMS Quarterly Management Reviews.
  • Support in maintaining and improving our Information Security Forum (TIRG).
  • Deputise for the Head of Information Security and/or Chief Information Security Officer, where necessary.

Risk Management

  • Ownership and oversight of the information security risk management process, embedding an effective culture of transparency and visibility on all information security risks that impact the business.
  • Develop and implement an effective risk management structure to support the identification, analysis, evaluation and treatment of information security risks.
  • Oversee the maintenance of the information security risk register.
  • Support in conducting risk assessments and development of risk treatment plans.

Compliance

  • Collaborate with internal and external auditors to manage ISMS audits and certifications.
  • Ensure compliance with regulatory and legal requirements, such as local laws, GDPR, or industry-specific cybersecurity standards.

Policy & Process Development

  • Develop and update security policies, procedures, and guidelines to align with business needs and regulatory requirements.
  • Ensure security policies are effectively communicated and adhered to across the organisation.

Cyber Strategy

  • Work closely with the Head of Information Security and the Chief Information Security Officer to support the establishment of a cyber strategy and Target Operating Model.

Cyber, Legal and Regulatory Landscape

  • Monitor and report on the cyber, legal and regulatory landscape relevant to information security and Insight as an organisation.

Incident and Crisis Management

  • Support the Incident and Crisis Management Teams with the response to information security incidents as required.

Security Training, Awareness, and Culture

  • Support security training and awareness programs for employees.
  • Provide guidance and best practices on information security to different teams within the organisation.
  • Foster a culture of security-first thinking across the Lines of Business.

Collaboration & Stakeholder Management

  • Work closely with Corporate Risk, Operational Resilience, and other relevant Lines of Business to integrate security practices into operations.
  • Serve as the primary point of contact for ISMS-related matters with senior management and external stakeholders.
  • Promote a collaborative working environment between Cyber, Technology and Data.

Experience Required

  • Familiarity with internationally recognised information security standards such as the ISO27000 series and NIST.
  • ISO27001 audit experience.
  • Demonstrable professional experience of managing information security obligations for a global business.
  • Ability to perform the duties of a designated information security manager in an independent manner, including corresponding with regulators and data subjects, providing advice and guidance to the business, and providing training and awareness to all staff.
  • Relevant certifications such as CISSP, CISM, CompTIA Security+, ISO27001 Auditor, etc.
  • Experience in monitoring and reacting to the cyber threat, legal and regulatory landscape.
  • Experience in providing independent support and advice on a wide variety of information security issues in language tailored to fit all relevant stakeholders.
  • The ability to work effectively within a team environment and across various stakeholders, including senior leadership and clients.
  • Practical experience of applying a range of risk management approaches, conducting risk assessments and being able to articulate risk effectively.
  • An accomplished communicator with the ability and confidence to present complex issues and influence decisions at all levels within an organisation with excellent analytical, interpersonal and stakeholder management skills.

Soft Skills

  • Strong analytical and problem-solving skills.
  • Excellent communication and stakeholder management abilities.
  • Ability to work independently and drive security initiatives proactively.

Nice to have

  • Experience in the financial services sector.
  • Previous work experience with regulators or industry bodies.

Insight is committed to being an inclusive employer and encourages applications from all suitably qualified applicants irrespective of background, circumstances, age, disability, gender identity, ethnicity, religion or belief and sexual orientation. If you are a candidate with a disability, or are assisting a candidate with a disability, and require an accommodation to apply for one of our jobs, please email us at TalentAcquisition@InsightInvestment.com.

About Insight Investment

Insight Investment is a leading asset manager focused on designing investment solutions to meet its clients' needs. Founded in 2002, Insight's collaborative approach has delivered both investment performance and growth in assets under management. Insight manages assets across its core liability-driven investment, risk management, full-spectrum fixed income, currency and absolute return capabilities.

Insight has a global network of operations in the UK, Ireland, Germany, US, Japan and Australia. More information about Insight Investment can be found at: www.insightinvestment.com.
