INFORMATION SECURITY AND COMPLIANCE MANAGER
Halifax, West Yorkshire
Up to £80,000 (Dependent on Experience) + Extensive Benefits Package
SSP is a global provider of technology systems and solutions across the entire insurance industry. We provide core technology solutions, distribution and trading capability, advanced analytics and solution delivery.
We’re on the lookout for an Information Security and Compliance Manager who will be responsible for ensuring the confidentiality, integrity and availability of SSP data and client data, stored or used by SSP. The role will also be responsible for ensuring that SSP’s services provided to its clients are properly audited. The Information Security and Compliance Manager will set and monitor the legal, regulatory and contractual standards with which SSP must comply as a trusted supplier to the financial services industry.
WE’D LIKE TO MEET AN INFORMATION SECURITY AND COMPLIANCE MANAGER WITH:
• Ability to influence key stakeholders.
• Ability to engage, inspire and educate others.
• Strong level of business acumen.
• A proven track record of managing the security strategy of both mature software development and managed service organisations.
• A sound understanding the cyber security landscape, current threat levels and best practice.
• Demonstrable communication skills appropriate to all levels within the organisation.
• Experience of implementing and maintain an information security management system to the ISO/IEC 27001:2013 standard (Essential)
• Ability to secure AWS workloads and infrastructure
• CISM certified (Essential)
• CISSP, CISA, COBIT
• Knowledge of ITIL, Prince2, Agile, Waterfall and Kanban working methodologies
THE INFORMATION SECURITY AND COMPLIANCE MANAGER’S RESPONSIBILITIES INCLUDE:
Information Security - General
• Identify and agree with stakeholders the security threats faced by the organisation.
• Maintain and improve SSP’s Information Security Management System (ISMS) to meet legal, regulatory and contractual requirements.
• Maintain SSP’s risk register with the identified security risks, their treatment and revised ratings.
• Design and implement a program of audit and review to ensure that the ISMS is being complied with.
• Certification and Accreditation (ISO 27001, PCI-DSS etc.)
• Review technical and procedural controls designed to protect data on a regular basis.
• Ensure compliance with applicable legal data protection legislation and compliance with contractual client data protection requirements.
• Monitor existing and emerging threats and update SSP’s security policies and working practices.
• Further enhance the SSP program of vulnerability and penetration testing by an independent third party to validate the integrity and fitness-for-purpose of the security policy and its implementation.
• Implement, review and manage processes to ensure that remedial activities identified by testing are completed as required.
• In conjunction with the product architects and product development managers, define the approach to be used by the development teams to ensure that security is built into the software development process.
• Understand and develop strategies to secure containerised and serverless cloud based workloads
• Report to the business monthly on the status of SSP’s information security preparedness.
• Carry out appropriate communications to stakeholders on security matters, whilst educating the employee base on the latest security risks, threats, vulnerabilities and mitigation.
WHAT’S IN IT FOR YOU?
• A unique working environment where you’ll be surrounded by committed experts from a variety of backgrounds.
• We are offering a generous salary and matching pension scheme.
• A clear, personal learning and development plan that provides the frameworks and development solutions to ensure everyone has the opportunity to maximise their performance and realise their potential.
• Generous holiday allowance (25 days + Public Holidays), free parking and life assurance.
• A wide range of flexible benefits such as experience days, gym memberships, to wellbeing benefits like healthcare cashback plans, and so much more.
We have a strong, clear vision – to be the leading provider of insurance technology software – and our values describe what makes SSP unique, and capture the SSP spirit that runs through everything we do.
Respect – Ownership – Collaboration – Innovation – Energy
A CAREER WITH US:
SSP believes the most valuable asset for any business is the people it employs. It is crucial therefore to employ and invest in the best.
At SSP we believe that our diversity makes us stronger. As an equal opportunities employer we celebrate and support everyone who works for us. We are committed to providing equal opportunities in our working practices and are proud of our inclusive culture.
INFORMATION SECURITY AND COMPLIANCE MANAGER