A fast-growing health technology company based in Edinburgh is looking for a passionate and highly motivated Information Security Manager to join their compliance team. This role will be responsible for keeping abreast of the latest government policies and frameworks, and will also manage the company’s information security risk. The ideal candidate will be responsible for the timely review and updating of new and existing policies, will assist the company’s regulatory team, and will spearhead the implementation of accreditations.
Job Description
Develop, maintain and continuously improve the organisation’s information security and privacy management systems in accordance with regulatory requirements, security best practice and business objectives
Create, develop and regularly review security and privacy-related policy, procedure and control frameworks
Own, deliver and report on risk management activities including methodology selection, risk identification, analysis, treatment planning and oversight of remediation activities
Maintain the information security Risk Register
Serve as a point of contact for third party accreditation bodies and respond promptly to requests for information throughout the third-party certification life cycle
Assume the role of privacy liaison, acting on behalf of the data protection officer
Deliver security awareness training sessions, including on-boarding of new employees
Prepare and issue regular reports for executive management that contribute to the assessment of risk at an enterprise level, provide updates on the status of operational activities and highlight key developments in the regulatory landscape
Provide specialist support to core business functions: Research and Development, Customer Success, Procurement and Operations
Person Specification
Essential:
Bachelor's Degree, preferably in a relevant field (IT, Computer Science, Information Security)
2 years minimum previous experience in an information security, data privacy or compliance-related role
Excellent analytical and problem-solving skills. Logical thinker with attention to detail, including in policy writing, formatting, checking, publication, and dissemination
Practitioner-level comprehension of a majority of the following domains: access control, encryption and key management, network security, cloud computing architecture and services, logging and monitoring, risk management (including third-party risk), incident management, business continuity, data protection and compliance frameworks
Excellent oral and written communication skills, and the ability to compose presentations and correspondence appropriate to a wide-ranging audience
Passion for cybersecurity, information security management, data protection and compliance. Strong commitment to continuous learning and professional development
Ability to work without supervision. Able to work on own initiative, organising and prioritising own and others' workloads to changing and often tight deadlines, maintaining composure at all times
Ability to foresee potential risk and implement mitigations
Excellent interpersonal skills. Ability to foster relationships at all levels of the organisation whilst using tact and diplomacy to achieve objectives. Ability to lead and influence without authority
Excellent time management skills with the ability to re-prioritise. Ability to multitask, work efficiently under pressure, and deliver to deadlines
Must be flexible and adaptable to working hours / requirements in order to meet the needs of the business
Ability to maintain confidentiality
Desirable:
Industry-recognised professional certifications (CISSP, CISM, CRISC, CIPP/E, ISO27000-LI)
Previous experience of a range of business procedures and project management or completion of recognised business qualification
Experience with ISO 27000 series standards (ISMS) accreditations
Experience in health tech industry
Experience in healthcare or clinical services compliance
Medical device accreditation experience