Information Security and Compliance Manager
Gemserv is constantly looking ahead to ensure we continue to deliver exceptional service in a rapidly changing world. Our business is evolving, but we remain clear about where we want to be and how we want to get there. We are looking for an ambitious and enthusiastic Information Security & Compliance Manager to join our Governance Risk and Compliance team.
We are currently looking for a highly motivated and results-focused individual with a very good technical understanding of ISO standards. Your primary focus will be ensuring that Gemserv is compliant with those standards while actively promoting, supporting and coordinating the management of Gemserv’s Integrated Management Systems. Due to the nature of Gemserv’s business, this is a critical role working directly with Gemserv’s Audit & Risk Committee, Executive Team, Senior Managers and employees to promote best practice and compliance with agreed processes and procedures within the Information Security, Quality, Environmental and Energy standards. The successful applicant will lead on initiatives that build a culture of compliance, risk management and continuous improvement throughout the business.
- Lead on the development of an integrated Management System, harmonising existing processes and management systems to promote Business Service Excellence through good practice and awareness;
- Assist with the development and maintenance of the audit plan, communicating it to key stakeholders and the wider business;
- Schedule and coordinate internal and external audits, communicating them well in advance within the business with requirements clearly defined;
- Liaise with external auditors to agree audit plans and ensure the certifications held are maintained;
- Liaise with IT to ensure vulnerability scans and penetration tests are conducted within agreed timelines;
- Review vulnerability scan, penetration test and incident management reports;
- Document security breaches, post-incident reviews and lessons learned for continual improvement;
- Liaise with IT to ensure required controls are maintained effectively to meet regulatory and standard requirements;
- Manage business risks and ensure they are controlled to reduce potential loss to the business;
- Own and update the business’s information security continuity plans and schedule tests of them accordingly;
- Be proactive in liaising with internal and external stakeholders on matters relating to new or existing work, ensuring changes to policies and procedures are aligned with Gemserv’s Information Security and Quality Management systems and standards;
- Proactively engender a culture in which best practice and procedures are adhered to, in a way that is efficient for the business and ensures compliance;
- Proactively engage (via face-to-face meetings and dialogue) with Line Managers and Department Heads to promote, address and resolve key Management System issues, identifying, mitigating and managing potential risks;
- Analyse Information Security and Quality Management performance by liaising closely with all teams and customers, proactively addressing issues, mitigating potential risks and identifying and recommending changes;
- Identify and communicate regular threat updates affecting Gemserv’s business and technology landscape;
- Compile recommendations for the Executive Team on wider changes identified through observations and audits, engaging with the teams and working closely with them to produce Quality Improvement Plans;
- Undertake monthly one-to-one reviews with Department Heads to review quality, key issues and steps to improve engagement and compliance;
- Lead on the development and delivery of annual staff awareness events on Quality and Information Security Management; and
- Provide subject matter expert and quality reviews on Company documents and projects (e.g. tenders) as required.
Successful candidates will also need:
- Sound knowledge and understanding of Information Security and Quality standards, specifically ISO 27001, 9001 and 14001, with a strong appreciation of continuous improvement;
- Certified internal auditor, with experience of auditing in various sectors;
- Professional information security qualifications (e.g. ISO 27001 Lead Auditor, CISA, CISM) are required;
- Relevant understanding of legislation including the GDPR and the UK Data Protection Act, and of the legal and regulatory requirements of the industries and jurisdictions within which Gemserv operates;
- Experience of providing guidance and advice to clients and stakeholders in order to promote a consistent approach;
- An eye for detail in improving customer satisfaction and client relations through direct interaction and appropriate corrective action;
- Experience within the energy and environmental market, having worked in a similar-sized SME;
- Experience of presenting succinctly to Executive teams, Senior Managers and employees;
- Excellent organisational skills in order to proactively manage the Quality and Information Security Management Systems, including scheduling, communicating and overseeing internal and external audits;
- Previous experience of building and managing stakeholder relationships;
- Ability to use diverse communication styles to engage stakeholders at different levels while being conscious of varying business priorities;
- Analytical skills, with an understanding of processes and controls;
- Experience of managing multiple projects and tasks and delivering to key milestones;
- Ability to work under pressure while meeting tight deadlines;
- Excellent attention to detail and a solution-oriented approach;
- Ability to engage with all levels of management to identify continuous improvement actions for the business.
Upon joining, employees are also expected to gain a sound awareness of the Company’s Information Security, Quality, Environmental and Energy Management Systems.
WHAT WE OFFER
- 25 days annual leave, plus bank holidays
- Profit related Bonus (discretionary)
- Reward and recognition schemes
- Flexible working
- Private Bupa healthcare
- Life Assurance (up to 4 times annual salary)
- Matched pension contributions
- Season Ticket Loan
- Cycle to work scheme
- Buy and Sell annual leave
- Reimbursement of eye test and up to £50 towards glasses or contacts
- Corporate gym rates
- Yoga sessions
- Employee Assistance Programme
- Summer and Christmas parties, along with monthly Gembar
We are an expert provider of professional services in a world driven by data and technology. We work across various sectors, from government bodies to global blue-chip organisations and small independent companies.
Due to the nature of what we do, we are a people business. The contribution from every member of the team expands our workforce’s diverse range of experience, skills and personalities – each individually valued.
Gemserv is an equal opportunities employer; we celebrate diversity and are committed to creating an inclusive environment for all employees.
We invest heavily in learning and development opportunities, enabling our people to develop skills and gain experience that will enhance their career prospects for life. Many who started their careers with us have rapidly progressed into more senior positions.
At Gemserv no two days are the same, but we believe in a flexible approach to working, which we know our employees value. That focus on encouraging a positive work/life balance extends to the many regular social events where employees get the opportunity to meet people from across the business and the wider industry in a more informal environment.
Due to Covid-19 restrictions, employees are currently working from home.
If you can see yourself working at Gemserv, then we would love to hear from you. Please submit your CV and application letter to us by clicking ‘Apply now’.