IT Risk, Controls and Security Manager

ISO27001, IT Risk, IT Compliance, IT Controls, IT Audit, Policy. Governance, Security, Surrey area

Your new company
A specialist organisation in the Health/ Medical sector offers hybrid working in this role based in North Surrey area.

Your new role You will be working in the Risk team and will design, implement & maintain the Information Security Management System (ISMS) in accordance with ISO27001 in a company that manages highly sensitive data.

• You will support the firm's governance, addressing areas of risk and supporting plans to address these risks, including the compilation of business continuity plans (BCP).
• You will work closely with colleagues in IT to enhance the technology & control frameworks regarding information security compliance & cyber threat security. Risk & Compliance
• You will lead the development, implementation, and continuous improvement of our Information Security Management System (ISMS) in line with ISO 27001 and other regulatory standards.
• Assessing security posture, identifying vulnerabilities, and developing mitigation strategies to manage enterprise-wide information security risks.
• Maintaining and enhancing the organisation's risk register and heat map, ensuring risks are scored, tracked, and treated effectively.
• Overseeing the implementation and management of systems, including firewalls, encryption, and data protection controls.
• You will also be responsible for Policy & Training, Incident & Breach Management, Risk & Control Management, Vendor & System Assurance.
  
  

What you'll need to succeed You will ideally have the following experience and qualifications:Professional certifications such as ISO 27001 Lead Implementer/Auditor as well as hands-on experience with auditing and maintaining accreditation for ISO 27001:2022
You will have a strong background in enterprise risk management, information governance, compliance, and risk assessment.
Excellent communication skills - both written and verbal are required - with the ability to influence and educate.
Knowledge of Cyber Essentials & SOC2 or other relevant standards would also be beneficial.
What you'll get in return
Salary is negotiable according to experience - they are considering salaries in excess of £50,000 within reason!
Hybrid working will move to 3 days a week in the office and 2 from home, after the initial settling-in period.
25 days holiday plus your birthday off!
Free parking plus a range of company benefits

What you need to do now
If you're interested in this role, click 'apply now' to forward an up-to-date copy of your CV, or call us now.
If this job isn't quite right for you, but you are looking for a new position, please contact us for a confidential discussion on your career. #