Senior Information Security Manager, Global Professional Services Firm, (Glasgow/Hybrid)

Our client is a global professional services business with an established brand dating back over 2 centuries. As they continue to grow an established IT Security function, they are looking to hire a Senior Information Security Manager who will be responsible for designing, implementing and managing a robust information security framework that aligns with the company's objectives and with regulatory, client and insurance requirements. This role ensures that security policies, standards and procedures are effectively developed, communicated and enforced.

The Senior Information Security Manager will oversee information security compliance, risk management and governance activities. This role will work closely with cross-functional teams, including the IT, Risk & Compliance, project management, and technical teams, to ensure Security & Privacy supports business objectives whilst maintaining compliance with relevant laws, standards and best practice.

Responsibilities

  • Develop and uphold information security governance frameworks and policies such as ISO 27001 and NIST CSF.
  • Manage the IS risk strategy.
  • Facilitate the creation and implementation of security policies, standards, and procedures.
  • Regularly evaluate information security frameworks to maintain effectiveness.
  • Lead information security risk assessment processes to identify and evaluate risks, leveraging the Enterprise Risk Management Framework, Information Security Management System, and NIST risk management practices.
  • Supervise the execution of security audits and assessments.
  • Stay informed on regulatory updates and emerging security risks to ensure proactive risk management and compliance.
  • Oversee the continuous improvement of information security and risk management processes.
  • Collaborate with internal teams to assess and manage security risks associated with vendors.

What we are looking for:

  • Strong knowledge of information security principles, best practices, and standards (e.g., ISO 27001, NIST).
  • Deep understanding of ISO 27001, NIST CSF, COBIT and other security and IT governance frameworks.
  • Experience in conducting vendor risk assessments and project security risk assessments.
  • Attention to detail and a commitment to maintaining high-quality standards.
  • Ideally an accreditation such as CISSP, CISM or similar.

What's on Offer?

  • Competitive salary in line with market rate
  • Private Healthcare
  • Employee Assistance Programme
  • Up to 8% pension contribution
  • Flexible benefits
  • 3 days working from home