IT Information Security Manager

Hereford, ENG, GB, United Kingdom

Job Description

Company Overview:



Serbus, established in 2010, is an Information Security and Risk Management (IS&RM) company specializing in secure communications, data, and personnel security. Our expertise in commercial and defense communication solutions enables our clients to operate safely and securely in remote and hostile environments worldwide.

Summary:



We are seeking an experienced Information Security Manager to join our team in the UK.

The Information Security Manager will be responsible for protecting the Group's data and information systems from cyber threats and unauthorised access. This includes developing and implementing security policies, assessing risks, providing reports and managing security incidents. You will also oversee security awareness training, security compliance, security accreditation and collaborate with various stakeholders to foster a security-conscious culture.

Standards:



  • Maintain and assess the business to an ISO 27001 standard, Cyber Essentials Plus, and Cyber Assessment Framework (CAF).
  • Appropriate knowledge to meet future group aspirations of aligning to the CIS Benchmarks and IT systems accredited to UK Government OFFICIAL SENSITIVE.
  • Lead internal audits, external audits and certifications to assess ISMS effectiveness and drive continuous improvement.
  • Manage and maintain the Information Security Management System (ISMS) in collaboration with external partners.
  • Work with the IT manager to maintain and update the IT Security Policies.

Risk Management:



  • Conduct regular risk assessments and vulnerability assessments to identify potential threats and weaknesses in our information security infrastructure.
  • Establish, maintain and enforce security policies, procedures, and controls to mitigate information security risks and vulnerabilities.
  • Conduct technical assessments of new suppliers, platforms, and software, including security architecture reviews, documentation checks, and evidence of compliance.

Awareness and Stakeholder Engagement:



  • Provide guidance and support to employees on information security matters and promote a culture of security awareness throughout the organisation.
  • Conduct security awareness training to help staff recognise and navigate cybersecurity threats.
  • Management of tabletop team exercises and incident response playbooks.
  • Prepare and deliver reports on information security metrics, incidents, and compliance to senior management and relevant stakeholders.
  • Collaborate with internal stakeholders to ensure that information security requirements are integrated into business processes and systems.

Security Operations:



  • Define and enforce information security policies, standards, and guidelines across the organisation.
  • Create, manage and update the cyber incident response process on behalf of the CISO, ensuring stakeholders have been identified and trained.
  • Stay up to date with the latest information security trends, threats, and best practices, and make recommendations for enhancing the organisation's security posture.
  • Manage the incident response process on behalf of the CISO and lead investigations into information security breaches or incidents.
  • Co-ordinate a 6-monthly incident response exercise, testing processes, procedures and disaster recovery.
  • Ensure all endpoints, servers, firewalls, and network devices are secure and meet compliance standards.
  • Focus on protecting the confidentiality, integrity, and availability of the organisation's data, both digital and physical.
  • Monitor for CVEs using publicly available information or via services procured by the business, ensuring the IT team are aware.
  • If required, advise and assist with customer projects requiring cyber security advice or Secure by Design (SbD) artifacts.
  • Conduct monthly SOC report reviews, providing regular executive summaries to the CISO.

Key Deliverables:



  • Align the business' security stance to comply with ISO 27001 and Cyber Essentials Plus, or in accordance with the Cyber Assessment Framework.
  • Improve the Cyber Awareness within the company via communications, Cyber Awareness training and monitoring of staff compliance.
  • Enhance and maintain a high Microsoft 365 secure score by implementing Microsoft advisories.
  • Identify, assess, and mitigate security risks to the organisation's data and infrastructure.
  • Oversee the creation and document management of policies and standards.
  • Complete a full assessment of all third-party applications.
  • Provide regular security reports to the CISO as required.
  • Advise the CISO, IT Team and the wider business on matters relating to cyber security.
  • Near future: Manage the security aspects of the internal IT system's design to meet Secure by Design for OFFICIAL SENSITIVE.

Experience:



  • Proven experience as an Information Security Manager or similar role, preferably within Defence, UK Government and/or commercial security supplier.
  • Strong knowledge of information security principles, practices, and technologies.
  • Experience with incident response planning and execution.
  • Familiarity with NIST, CAF standards and ISO frameworks is preferred.
  • Excellent project management skills with the ability to lead cross-functional teams.
  • Strong analytical skills with attention to detail.
  • Excellent communication skills, both written and verbal.

Qualifications:



  • Educated to degree level (or equivalent) is highly desirable but not essential.
  • Relevant certifications such as CISSP, CISM, or equivalent are highly desirable.

Conditions of Employment:



  • Must have the right to work in the UK.
  • Must be able to gain SC clearance as standard along with any specific security clearances required for the role.

To Apply:



If you have the skills and experience outlined above, we would love to hear from you.

Please submit a CV and cover letter detailing your experience and skills that make you a suitable candidate for this role.

If you are passionate about safeguarding information in a dynamic environment, we invite you to apply today and be part of our mission at Serbus!

Job Type: Full-time

Pay: 45,000.00-60,000.00 per year

Benefits:

  • Company pension
  • Employee discount
  • Health & wellbeing programme
  • On-site parking
  • Sick pay
  • Work from home

Work Location: Hybrid remote in Hereford HR2 6FJ

Job Detail

  • Job Id
    JD4099627
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Full Time
  • Job Location
    Hereford, ENG, GB, United Kingdom
  • Education
    Not mentioned