A Quick Overview (Information Security Manager)
We are looking for a Information Security Manager to provide expertise on and raise the nChain Information Security Management System (ISMS). This will be based on ISO/IEC-27001 Information Security Standard (if required apply the revised ISO/IEC-27002 controls) and other best industry practises.
They will provide a continuous evaluation and assessment of our security assets, regulatory standards we must comply with and best practices we should comply with to boost our market standing.
The Information Security Manager will work with the wider Technology team in defining and maintaining functional and non-functional security requirements.
Responsibilities
- Develop, implement, and monitor a strategic, comprehensive enterprise information security and IT risk management program to ensure the integrity, confidentiality, and availability of information owned, controlled, or processed by the organization.
- Support the ISO 27001 certification process, including gap analysis, documentation, and implementation of necessary controls, policies, and procedures.
- Stay abreast of the latest security and privacy legislation, regulations, advisories, alerts, and vulnerabilities pertaining to blockchain and the company.
- Manage security incidents and events to protect corporate IT assets, including intellectual property, regulated data, and the company's reputation.
- Conduct regular security audits, risk assessments, and testing of systems and processes to identify vulnerabilities; recommend and implement appropriate security controls.
- Liaise with stakeholders in relation to cybersecurity issues and provide future recommendations.
- Provide leadership, direction, and guidance in assessing and evaluating information security risks and monitor compliance with security standards and appropriate policies.
- Examine impacts of new technologies on the company's overall information security. Establish processes to review implementation of new technologies to ensure security compliance.
Experience and Requirements:
- Bachelor's and Associate Degree in Computer Science, Technical, Information Technology, Engineering, Science, Information Security, or Information Systems / Application Security.
- Professional information security certification, such as CISSP, CISA, CISM, CRISC, or ISO 27001 Lead Auditor/Implementer.
- Minimum of 5 years of experience in a combination of risk management, information security, and IT jobs.
- Experience with cloud services providers security (AWS, Azure)
- Demonstrated experience with information security management systems (ISMS), IT audit, and ISO 27001/27002 standards.
- Strong understanding of the cybersecurity risks associated with various technologies and ways to manage them.
- A solid understanding of information technology and information security including firewalls, VPN, data loss prevention, IDS/IPS, web-proxy, and security audits.
- Exceptional communication skills, both verbal and written, with the ability to communicate security-related concepts to a broad range of technical and non-technical staff.
- Experience in developing information security policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic environment.
- Experience with Financial Institutions or blockchain will be beneficial.
Perks & Benefits
- Enhanced private medical insurance (mental health, optical and dental coverage)
- Flexible / hybrid working
- Enhanced parental leave
- Training budget
- Cycle to work scheme
- 25 days of annual leave and holiday roll over 5 days
- Central London office location
- Shower facilities & Bike parking
- Unlimited coffee and hot drinks in the office
- Daily Fruit Baskets
- Paid for social Events
- Annual company parties
- Access to our perks system, Perk Box
nChain is committed to creating a diverse environment and is proud to be an equal opportunity employer.
All qualified applicants will receive consideration for employment without regard to race, colour, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.