IT Risk, Controls and Security Manager
JOB_53485054731969
Job type: Permanent
Location: Surrey
Working Pattern: Flexible Working, Full-time
Specialism: Audit Risk And Compliance
Industry: Healthcare & Medical
Pay: £negotiable depending on experience £50-70000
ISO27001, IT Risk, IT Compliance, IT Controls, IT Audit, Policy, Governance, Security, Surrey area
Your new company
A specialist organisation in the Health/Medical sector offers hybrid working in this role, based in the North Surrey area.
Your new role
You will be working in the Risk team and will design, implement & maintain the Information Security Management System (ISMS) in accordance with ISO27001 in a company that manages highly sensitive data.
- You will support the firm’s governance, addressing areas of risk and supporting plans to address these risks, including the compilation of business continuity plans (BCP).
- You will work closely with colleagues in IT to enhance the technology & control frameworks regarding information security compliance & cyber threat security.
Risk & Compliance
- You will lead the development, implementation, and continuous improvement of our Information Security Management System (ISMS) in line with ISO 27001 and other regulatory standards.
- Assessing security posture, identifying vulnerabilities, and developing mitigation strategies to manage enterprise-wide information security risks.
- Maintaining and enhancing the organisation’s risk register and heat map, ensuring risks are scored, tracked, and treated effectively.
- Overseeing the implementation and management of systems, including firewalls, encryption, and data protection controls.
- You will also be responsible for Policy & Training, Incident & Breach Management, Risk & Control Management, Vendor & System Assurance.
You will ideally have the following experience and qualifications:
Professional certifications such as ISO 27001 Lead Implementer/Auditor as well as hands-on experience with auditing and maintaining accreditation for ISO 27001:2022
You will have a strong background in enterprise risk management, information governance, compliance, and risk assessment.
Excellent communication skills – both written and verbal are required – with the ability to influence and educate.
Knowledge of Cyber Essentials & SOC2 or other relevant standards would also be beneficial.
What you'll get in return
Salary is negotiable according to experience – they are considering salaries in excess of £50,000 within reason!
Hybrid working will move to 3 days a week in the office and 2 from home, after the initial settling-in period.
25 days holiday plus your birthday off!
Free parking plus a range of company benefits
What you need to do now
If you're interested in this role, click 'apply now' to forward an up-to-date copy of your CV, or call us now.
If this job isn't quite right for you, but you are looking for a new position, please contact us for a confidential discussion on your career.
IT Risk, Controls and Security Manager | JOB_53485054731969 | 2025-10-08 | 2026-01-06
Talk to Katy Sturgess, the specialist consultant managing this position
Located in Basingstoke, Ground Floor, 2200 Renaissance, Basing View
Telephone 01256 633150