Security Compliance Manager
Day Rate: £650 p/d inside IR35
Location: London / Hybrid
Duration: 6 months
The primary focus of this role is to safeguard the confidentiality, integrity, and availability of our information assets and systems. This entails providing effective guidance, monitoring, and adherence to regulatory, legislative, international standards, and industry best practices in information security.
- Information Security Management System (ISMS):
  - Implement and manage the Information Security Management System in alignment with ISO 27001 and any future standards or requirements, such as the Telecoms Security Act.
  - Ensure the accuracy, currency, and availability of all compliance documentation, including the Information Security Compliance Toolkit. This includes maintaining the Asset Register, Business Impact Assessment, Risk Treatment Plan, Statement of Applicability, and Control Maturity, as well as Policies and Standards.
  - Manage and renew all relevant certificates and accreditations within budget and on time. This includes ISO 27001, GCN, DNSP, Cyber Essentials Plus, and HSCN.
  - Oversee the timely and budget-conscious execution of Penetration Testing and IT Health Checks to support certificate and accreditation requirements.
  - Collaborate with stakeholders across the organization to create and execute remediation plans within specified timeframes, ensuring compliance with all certificates and accreditations.
  - Conduct gap analyses for emerging standards or requirements like the Telecoms Security Act, offering support for their implementation.
  - Plan, manage, and conduct internal audits for all compliant teams and sites. Deliver comprehensive reports as part of the internal audit program to maintain compliance with ISO 27001 and other future standards.
  - Document audit findings in a standardized format and track corrective actions to completion. Ensure that all corrective actions stemming from audits are effectively managed.
  - Assist in the External Audit program by participating in planning, delivery, and corrective action management.