Information Security Manager

Purpose of the Role
To carry out ongoing management of a robust Information Security System that ensures Edit achieves the level of standard required by ISO 27001 Information Security certification.

Main responsibilities
• Ensure that the ISMS is recognised by all staff and provide training where necessary 
• Manage a process of continuous review, scope change, recommendation and refinement of the ISMS
• Ensure preventive and corrective actions are raised and followed through to completion
• Conducting risk assessment activities including identification of assets, business impact assessment, threat & vulnerability assessment, compliance assessment, and proposing risk treatment
• Co-ordinate ISO 27001 management reviews 
• Maintain all ISO 27001 mandatory procedures
• Liaising with UKAS auditing bodies and organising external Certification audits 
• Responsible for ongoing accreditation journey (ISO 27017/ISO27018/BS10012)
• Responsible for Business Continuity activities
• Provide support to team leaders and departmental heads on Information Security queries
• Work as an integral part of Edits governance function incorporating information Security, Data Protection and Legal.
• Ensuring the ISMS content and management of the ISMS conform with the requirements of ISO27001:2013
• Reviewing and maintaining ISMS policies and procedures
• Reporting on the performance of the ISMS to Senior Management
• Implementation of the Information Security Policies, associated controls and ISMS and procedures. 
• Management, investigation and escalation of Security Incidents
• Managing ISMS audit schedule 
• Maintaining the Risk Treatment plan, allocating responsibilities, actions and target dates and updating actions
• Maintaining the Statement of Applicability
• Collecting and reviewing measurement and performance metrics and monitoring the effectiveness of the ISMS and associated controls and policies.
• Maintaining ISMS documentation and ensuring all ISMS documents comply with document control requirements

Essential Requirements
• Experience in managing an ISMS for a mid-size organisation with ISO 27001 certification
• Ability to work on your own and in a team 
• Excellent MSOffice skills including SharePoint; 
• Excellent communication skills; 
• Ability to build excellent relationships at all levels of the business; 

Desirable Requirements
• Experience of ISO27017/ISO2718 desired but not essential 
• Experience of auditing internal departments is preferred but not essential
• Direct marketing industry experience is preferred but not essential

To send in a CV and apply, please click the 'Apply for this job' button.

Edit work with myBench to assist with our recruitment. If you choose to upload your information this could be held by Edit and MyBench and each organisation’s privacy policies will apply to their handling of your information.

MyBench Privacy Policy –
Edit Privacy Policy -

You may be contacted by either organisation to discuss your CV further.

If you experience any issues when applying for this role, please call 01225 480 480.