This Job Vacancy has Expired!

Security and Compliance Lead

TLP Consultancy

Posted on Mar 14, 2023 by TLP Consultancy

Leatherhead, Surrey, United Kingdom
Immediate Start
£45k - £50k Annual


Leatherhead, Surrey (remote working with 1 or 2 visits a month to the office is possible)

£45-50,000 negotiable plus package

A fast-growing SaaS provider, which supplies the NHS daily with vital medicines safety information and provides innovative solutions to support the Life Sciences and wider Healthcare sectors, requires a Security and Compliance Lead.


They are currently looking for a dynamic, high calibre person to join the security team, reporting into the Head of IT and Security. You will help to oversee the effective management of Information Security and IT Risk in the business. This is a high-profile role that will require you to be able to hold your own with stakeholders up to C-suite level, to challenge and negotiate effectively whilst building mutually trusting relationships.

It is a great opportunity for someone with the motivation and ambition to work on major transformation projects and drive the IT and Information Security risk management strategy within a fast-growing organisation. The Security and Compliance Manager has responsibilities spanning information security policies, contractual reviews, risk management, and training and awareness.


  • Identifying and evaluating IT and Cyber risks and developing relevant methods for remediation.
  • Driving Information Security Governance including, but not limited to, conducting BAU Risk Assessments, reviewing information security policies and standards, supporting contract reviews, and driving compliance around Third Party supply chain defence.
  • Driving a culture change of understanding and awareness around Cyber Security risks throughout IT and the business.
  • Acting as the central point of contact with regard to information security, ensuring the business is provided with advice and challenges around risks and controls relating to Information Security and IT, including remediation plans for known vulnerabilities.
  • Review and complete threat assessments.
  • Facilitate deep dive risk reviews of critical deliverables, reviewing Information Security, IT and systems elements of projects.
  • Review, challenge and test Information Security and IT key controls to ensure they remain effective at mitigating the risk they are aligned to, recommending remedial actions where needed.
  • Continuing the enhancement and implementation of information security and data processing policies and standards across the business and in particular, auditing and maintaining those processes.
  • Progressing and closing internal/external audit non-conformities via an incident management system.
  • Monitoring and managing the day-to-day information security management system (ISMS).
  • Plan, manage and undertake internal and third party audits on IT governance, information security and controls.
  • Raise change requests for, and assist members of the IT team with the planning and deployment of technical security controls.
  • Assist administration of security related IT services such as Microsoft Sentinel and Azure Security Centre.
  • Lead investigations into potential information security or GDPR breaches.

As much as possible of the following would be great but if not let's chat anyway!

  • Demonstrable experience in Information Security Risk management, including:
  • Knowledge of application security principles and secure SDLC frameworks in an AGILE environment
  • Knowledge and experience of Penetration testing
  • Strong understanding of risk management framework, including Information Security, IT and project risk management.
  • Strong interpersonal skills including stakeholder management, analysis and attention to detail.
  • Good communication skills, both verbal and written.
  • Knowledge of network architecture and data modelling.
  • Strong business process mapping and documentation skills.
  • Experience of relevant data privacy laws and regulations.
  • Knowledge of Cloud Computing concepts.
  • Excellent skills in the identification and management of project Risks, Assumptions, Issues and Dependencies (RAID).
  • Experience in managing policies and procedures in line with ISO 27001 (and knowledge of the 2022 revisions), ISO 9001 and Cyber Essentials specifications.
  • Holding related InfoSec certifications (Lead Auditor/Practitioner, CISM, CISSP, CRISC etc).
  • Good understanding of the Data Protection Act and implementation of EU GDPR.

We are looking for a candidate who can show the following:

  • Communication skills: Excellent verbal, written and interpersonal skills.
  • Committed to producing efficient and high-quality technical solutions.
  • Proactive and self-motivated, able to set and achieve personal targets


  • A fun, supportive, and inclusive culture - the opportunity to work with, and learn from, some great people
  • Full onboarding and support to be successful in your role
  • Ongoing training in software, including accreditations, and in the UK pharmaceutical industry
  • Life insurance
  • Medical insurance
  • Discounts on gym membership, discounts with retailers
  • Pension contribution
  • 25 days holiday per annum

Don't meet every single requirement?

This company is dedicated to building a diverse, inclusive, and authentic workplace, so if you are excited about this role but your experience does not align perfectly with every qualification in the job description, we still encourage you to apply. You may just be the right candidate for this role or another within the company.

TLP Consultancy Ltd is acting as an Employment Agency in relation to this vacancy.

Reference: 2510931469

