Information Security Manager (hybrid working)

It is our mission to lead the way in understanding and supporting our partners and communities by delivering financial wellbeing for life. Our vision is for our members and community to have an understanding and control of their finances, achieving money happiness.

Overview of the Role

We are recruiting a professional, driven and influential Information Security Manager into a newly created role joining our talented IT team.

As a key driver for the protection of the business' critical Information assets, a crucial role shaping and establishing data protection compliance procedures and governance. You will provide expert advice on the promotion of data protection compliance including best practice procedures and be pivotal in building and maintaining GDPR compliance and regulatory reporting.

The role would suit an IT professional with a significant knowledge of Information Security, Cyber Security risk management best practices and IT Project Management disciplines.

Key Responsibilities (but not limited to):

• Engage as subject matter expert and working closely with the IT Team, network and security suppliers and the Senior Management Team on for all aspects of Information Security management with a particular focus on IT security audits, risk and compliance management and incident management
• Manage all aspects of ISO27001:2013, Cyber Security compliance and implement new policies and procedures, to maintain AOC annually
• Responsible for informing the organisation of emerging cyber and security threats
• Responsible for the development of Information Security practices and staff awareness and training
• Providing company-wide security expertise and assistance to business areas and individuals on good practice and requirements, to ensure the Saffron Group's Information Assets are appropriately protected, providing constructive challenge and using persuasion and negotiation to drive policy compliance
• Responsibility for managing cyber incidents; involving technical resolution, people resources and wider business communications
• Deliver Information Security strategy; including key internal change programmes; assess existing initiatives and identify new requirements, prioritising these in line with level of risk and budgetary requirements
• Responsible for the maintenance and acquisition of relevant Information Security industry certifications for the company
• Responsibility for organising and subsequent remediation of IT system; penetration and vulnerability testing and IT System hardening
• 3rd party due diligence and IT security risk assessments

In return, we can offer you a competitive salary along with our exceptional rewards and benefits package.

This is a full time role; working 35 hours per week, Monday - Friday. We operate a trust led flexible working approach focusing on individual, team and business needs. This role supports home working.

If you feel you embody our values and want to join a people and member focused Society then we would love to hear from you.