
Senior Information Security Manager

First Central Services

United Kingdom

Remote

GBP 60,000 - 80,000

30+ days ago


Job summary

Join a dynamic and innovative insurance company as a Senior Information Security Manager, where your expertise in leading Information Security teams will be crucial. In this exciting role, you will oversee the management of Information Security risk and governance, ensuring compliance with industry standards like ISO27001 and PCI-DSS. This forward-thinking organization values flexibility and empowers its employees, making it an ideal place for those passionate about safeguarding data. If you're ready to make a significant impact and drive improvements in a technology-driven environment, this opportunity is for you!

Qualifications

  • Extensive experience leading Information Security teams and managing governance.
  • Strong knowledge of ISO27001 and PCI-DSS frameworks.

Responsibilities

  • Lead day-to-day operations of the Information Security Team.
  • Ensure adherence to Information Security Risk Management processes.
  • Manage compliance and certification activities across the Group.

Skills

  • Information Security Management
  • ISO27001
  • PCI-DSS
  • Risk Management
  • Team Leadership
  • Stakeholder Management
  • Analytical Skills
  • Communication Skills

Education

  • ISO27001 Lead Implementer
  • CISM Certification

Job description

Location: Gibraltar, Guernsey, Haywards Heath, Home Office (Remote) or Manchester

Salary: Up to £90,000 depending on experience

Department: Technology and Data

We’re First Central Insurance & Technology Group (First Central for short), an innovative, market-leading insurance company. We protect the things customers love so they can get on with what matters to them in life.

Data drives us. It fuels our outstanding distribution, finance, technology and legal services. Our underwriting skills are built on data expertise; it creates the insights we need to give the right cover to the right customers at the right price. But, it’s the people inside and outside our business that power us. They make us stand out, help us succeed. We’re ambitious. We’re growing. We’ve won awards.

Are you passionate about keeping data safe and secure? We're on the lookout for someone just like you to join our team as the Senior Information Security Manager (Info Sec). You'll be the go-to person for day-to-day leadership and management of our Info Sec Team, overseeing the services provided by the team, ensuring we're operating as a top-notch Info Sec risk, Governance, and oversight function. If you're ready to take on an exciting role within our Technology & Data pillar, leading, managing, and monitoring Information Security risk, governance, and assurance services, then keep reading!

We’d love you on the team if:

  • You’ve got extensive experience leading an Information Security team, with strong people management skills, and you thrive on getting the best out of your team and supporting their development.
  • You’ve experience of identifying and implementing incremental improvements in a mature Information Security governance environment, particularly in a technology & data focused business delivering change in an agile way.
  • You’ve experience in maintaining ISO27001 and PCI certifications.
  • Finally, you’ve a real passion for Information Security and have bags of enthusiasm to simply make things better!

Job responsibilities:

  • Responsible for the leadership and management of the day-to-day operations of the Information Security Team and line management of colleagues within the team.
  • Responsible for planning, execution and delivery of all Information Security services and associated processes.
  • Responsible for ensuring adherence to the Information Security Risk Management process, including maintenance of the risk register, performing risk assessments, identification of risks and risk reporting.
  • Understand the business and information risk context, proactively work with other teams to develop architectures and countermeasures which mitigate risks to an acceptable level.
  • Responsible for the monitoring of security risk within the agile change delivery process and providing guidance on requirements and incrementally maturing the security approach within the change process.
  • Responsible for delivering the Information Security awareness and communication plan to ensure that the Group companies are adequately protected and to promote good practice to improve Information Security culture within the business.
  • Oversee the maintenance of the Information Security Management System (ISMS) documentation and records to ensure compliance with chosen frameworks. Ensure that documented internal Information Security standards align with framework requirements.
  • Ensure that all compliance and assurance requirements are captured in assurance testing plans and other relevant roadmaps.
  • Manage and maintain assurance, compliance and certification activities across the Group to ensure continued compliance with Information Security frameworks, in particular ISO27001 and PCI-DSS.
  • Lead and manage all Information Security certification related activities.
  • Maintain the day-to-day relationships with external compliance stakeholders such as the PCI QSA and ISO certification bodies.
  • Provide guidance, support and assistance to the business on Information Security & related workstreams as required, thus acting as an SME on Information Security.
  • Monitor changes to frameworks and control governance processes to keep First Central aligned with any changes.
  • Monitor relevant regulatory (e.g. FCA) and contractual requirements with regard to Information Security and highlight gaps as required.
  • Identify and communicate any improvements or gaps in the Information Security position across the Group.
  • Identify and mature Information Security processes, documents, etc. as required.
  • Assist in the management of security incidents when required.

Experience, Knowledge, Skills and Qualifications:

  • Detailed knowledge of Information Security frameworks and standards, in particular PCI-DSS and ISO27001, and experience of maintaining certifications.
  • Extensive experience in managing and developing a team of information security professionals.
  • Extensive Information and Cyber Security risk, governance and assurance experience.
  • Proven track record of incrementally developing and maturing an Information Security risk & oversight function in a technical and data focused business, with an agile change delivery process.
  • Suitable qualifications, e.g. ISO27001 Lead Implementer and Auditor or CISM.
  • Excellent communication and interpersonal skills, both verbal and written.
  • Excellent stakeholder management skills and the ability to influence key decision makers internally.
  • Excellent analytical skills.
  • Excellent organisational skills.
  • Excellent line management skills.

Behaviours:

  • Able to demonstrate governance & oversight thinking and behaviours.
  • Willingness to continually develop and learn new Information Security skills and soft skills.
  • Self-motivated and enthusiastic with the desire to meet or exceed targets.
  • An organised, pro-active and pragmatic approach to Information Security and Risk management.
  • A flexible approach and positive attitude.
  • Emphasis on attention to detail and accuracy.
  • Strives to drive business improvements to contribute to the success of the business.

Are you ready to embark on a rewarding journey with First Central, a company that values flexibility and empowers its colleagues to excel?

Don't miss out on this exciting opportunity to lead our Info Sec Team from the forefront of innovation. Apply now and take your career to new heights with us!
