Information Security Manager

Location: Edinburgh
Discipline: Information & Cyber Security, Technology Management
Job type: Permanent
Salary: up to 50K per annum

A fast-growing health technology company based in Edinburgh is looking for a passionate and highly motivated Information Security Manager to join its compliance team. This role will be responsible for keeping abreast of the latest government policies and frameworks, and for managing the company's information security risk. The ideal candidate will also be responsible for the timely review and updating of new and existing policies, for assisting the company's regulatory team, and will spearhead the implementation of accreditations.

Job Description

  • Develop, maintain and continuously improve the organisation’s information security and privacy management systems in accordance with regulatory requirements, security best practice and business objectives

  • Create, develop and regularly review security and privacy-related policy, procedure and control frameworks

  • Own, deliver and report on risk management activities including methodology selection, risk identification, analysis, treatment planning and oversight of remediation activities

  • Maintain the information security Risk Register

  • Serve as a point of contact for third party accreditation bodies and respond promptly to requests for information throughout the third-party certification life cycle

  • Assume the role of privacy liaison, acting on behalf of the data protection officer

  • Deliver security awareness training sessions, including on-boarding of new employees

  • Prepare and issue regular reports for executive management that contribute to the assessment of risk at an enterprise level, provide updates on the status of operational activities and highlight key developments in the regulatory landscape

  • Provide specialist support to core business functions: Research and Development, Customer Success, Procurement and Operations

Person Specification

Essential:

  • Bachelor's Degree, preferably in a relevant field (IT, Computer Science, Information Security)

  • 2 years minimum previous experience in an information security, data privacy or compliance-related role

  • Excellent analytical and problem-solving skills. Logical thinker with attention to detail, including in policy writing, formatting, checking, publication and dissemination

  • Practitioner-level comprehension of a majority of the following domains: access control, encryption and key management, network security, cloud computing architecture and services, logging and monitoring, risk management (including third-party risk), incident management, business continuity, data protection and compliance frameworks

  • Excellent oral and written communication skills, and the ability to compose presentations and correspondence appropriate to a wide-ranging audience

  • Passion for cybersecurity, information security management, data protection and compliance. Strong commitment to continuous learning and professional development

  • Ability to work without supervision. Able to work on own initiative, organising and prioritising own and others' workloads to changing and often tight deadlines, maintaining composure at all times

  • Ability to foresee potential risks and implement mitigations

  • Excellent interpersonal skills. Ability to foster relationships at all levels of the organisation whilst using tact and diplomacy to achieve objectives. Ability to lead and influence without authority

  • Excellent time management skills with the ability to re-prioritise. Ability to multitask, work efficiently under pressure, and deliver to deadlines

  • Must be flexible and adaptable to working hours / requirements in order to meet the needs of the business

  • Ability to maintain confidentiality

Desirable:

  • Industry-recognised professional certifications (CISSP, CISM, CRISC, CIPP/E, ISO27000-LI)

  • Previous experience of a range of business procedures and project management, or completion of a recognised business qualification

  • Experience with ISO 27000 series standards (ISMS) accreditations

  • Experience in the health tech industry

  • Experience in healthcare or clinical services compliance

  • Medical device accreditation experience