IT Security & Compliance Manager
Leatherhead, ENG, GB
Based in Leatherhead. Please check commute before applying.
Job Purpose
The IT Security & Compliance Manager is responsible for developing, updating, deploying and monitoring adherence to policies, processes and standards related to organisational and technical security. The role is the SPOC for all aspects of cybersecurity within HMUK and leads incident resolution.
We Want You To:
- Risk Assessment and Management – Assess and identify potential security threats and vulnerabilities, and develop strategies to mitigate these risks. Establish a vulnerability management process aligned with headquarters guidelines.
- Policy Development and Enforcement – Create, maintain, update and enforce information security policies and procedures within the organisation to ensure compliance with relevant laws and standards.
- Compliance Monitoring – Manage the organisation's adherence to security policies and regulatory requirements. Prepare compliance reports for HoS according to established frequency and on request.
- Incident Response – Manage security incidents, including detection, response and reporting, to ensure minimal impact to the business.
- Training and Awareness – Educate employees about security policies, procedures and best practices to foster a culture of security awareness. Prepare and execute an annual training plan.
- Support HoS to develop the optimized security strategy and the roadmap in conjunction with headquarters and Legal Dept.
- Lead & Implement security projects aligned with this roadmap.
- Work collaboratively with Governance & Compliance Manager and Legal Dept. to validate and approve the security measures established by suppliers who have access to HMUK data/systems and any other activities that will require security measures review and approval.
- Be a key member of Data Breach Task force, Disaster management team, Business continuity team etc. to manage and resolve all issues related to cybersecurity aspects of the incident.
- Maintain an up-to-date understanding of regulatory requirements, industry changes and challenges in the field of IT cybersecurity.
About You
- Knowledge of Compliance and Regulations, relevant laws and standards related to IT cybersecurity.
- Attention to detail; meticulous approach to identifying and addressing security risks.
- Analytical skills: ability to assess complex security issues and develop effective solutions.
- Strong communication skills; proficiency in conveying security concepts and policies to both technical and non-technical stakeholders.
- Good project management skills
- At least 5 years’ experience in an IT security role, dealing with security management principles, including risk assessment, threat analysis, incident response, and security architecture
- Track record of continuous learning in the cybersecurity field
- Desirable - Certified Information Systems Security Professional (CISSP)
What We Offer:
- Competitive Salary & Benefits Package
- Company Car + EV Charging
- Hybrid Working (3 days office/2 days home)
- Private Medical Insurance
- Office Lunch Allowance
- 25 Days Holidays plus Bank holidays with option to buy/sell
- Group Income Protection & Life Assurance
- Flexible Benefits & Retail Discount
- Pension 6% Matched
- Free Parking
- Access to Hyundai & Genesis Sponsored events