UK APPLICANTS ONLY
Security is at the heart of what Surevine do and our Information Security Lead is responsible for keeping us honest to that. Responsible for the development, implementation, delivery and support of our Information Security Management System (ISMS), they will ensure Security doesn’t become a tick-box exercise in compliance, but remains aligned with the strategic requirements of the business, through the promotion of a security awareness culture throughout the business and an active programme of training, audits and exercises.
This role ultimately ensures that protections are in place, and are continually monitored and improved, so that the business minimises security threats, and that our security culture is externally benchmarked to meet or exceed the appropriate standards, demonstrating our security stance to the business’ stakeholders, e.g. by maintaining ISO27001 and Cyber Essentials Plus certification.
Skills and experience
- You will have carried out audits and have many examples of actioning any non-compliances or making improvements through effective training, processes and systems, e.g. you have completed ISO27001 audits and actioned observations
- You will have defined and run exercises that test that people, processes and tools are complying with a Security Information Management System and, more generally, that ensure a system is in place that is effective against a documented set of potential threats
- You have maintained and run an effective Incident Management process, responding to security incidents quickly and ensuring continuity of the business or organization
- You will be a sensitive and sophisticated communicator, able to adapt your interactions to all Surevine stakeholders, including the board, in a way that is accessible to both technical and non-technical customers, employees, contractors, partners and board members
- You will be able to demonstrate the highly experienced managerial skills required to expertly manage the security programmes, projects and initiatives you will lead.
- You will have a deep understanding of software, platform and infrastructure cloud services (particularly Amazon Web Services) and the implications of using such services to support the business and its customers
- You will be able to support an estate of mainly Apple end-user devices, e.g. Macs and iOS devices, used to connect to typically cloud-based services by our remote workers.
Information Security Lead
- Ensure the right tools, processes and culture are in place to maintain and continue to build on our living Information Security Management System
- Maintain an accurate risk register for the business, ensuring effective treatments are in place for risks and communicating an accurate picture of the risk profile to the board as required, e.g. at board meetings
- Complete the necessary audits to maintain our ISO27001 certification and build on our Information Security Management System to incorporate aspects of other relevant standards, including our current Cyber Essentials Plus certification
- Be the main point-of-contact for external accreditation bodies ensuring our certifications are maintained