Are you a risk and security professional with an interest in and aptitude for technology? Looking for an opportunity to implement and apply risk and security practices in a way that actually makes a difference to the business?
We are seeking someone with energy and experience to own and oversee the program of activities that will keep our business secure and compliant for the benefit of our staff, partners and customers. We don’t want policies for the sake of policies. This is your chance to really assess the business context and make sensible, appropriate recommendations, suitable for a modern tech company and see them through.
You have experience with ISO27001 and have worked in a similar role for an organisation.
The role is based in Glasgow and reports to the VP Operations.
- Business Improvement Champion
- Sophisticated approach to information security, risk management, data protection and continuous improvement
- Enthusiasm to educate the business and link security & risk activities to business outcomes.
- Raise awareness and influence stakeholders in the business to effect change and promote a continuous improvement mindset.
- ISO 27001
- Run the corrective actions register and drive actions
- Lead the IS Forum, including preparing agenda, minutes, reports
- Update risk register. Conduct risk assessments & applicability to our business
- Run information security management system (ISMS)
- Manage internal & external audits
- Report to management on ISMS
- Provide consultation and guidance to managers re: IS practices
- Scan and update the business on applicable legislation and regulation
- Maintain documents and policies related to ISMS
- Customer vendor risk assessment and procurement processes
- Respond to customer IT & Risk assessment requests (written and F2F)
- Maintain information to support sales and marketing
- Drive initiatives to proactively anticipate customer requirements
- Input to product development, to address risks, security, client expectations
- Data Protection
- Ensure compliance with data protection legislation
- Maintain documents, policies related to data protection
- Conduct PIAs and consult to other areas conducting them in the business
- Point of contact in the business for data protection queries
Skills, Experience, Mindset
- Self-starter, able to work to deadlines with a positive attitude
- Willing to take responsibility, make decisions and recommendations
- Sophisticated understanding of risk based approaches in a fast paced tech business
- Prior responsibility for completing vendor risk assessments as vendor to banks
- Understanding of cloud software and considerations for risk and security
- Experience overseeing an Information Security Management System
- Achieved and/or maintained an ISO 27001 certification
- Understanding of data protection regulations and implications for compliance
- Natural interest in technology, ability to independently problem solve
- Experience implementing change programs and influencing stakeholders
- Excellent written and oral communication and presentation skills
- Confidence and experience interacting with customers and senior stakeholders
- Bonus: experience with Salesforce and Google Business Suite
- We offer a great place to work in a fun, dynamic environment with a totally committed team.
- You may be eligible to take part in our Employee Share Options Plan