INFORMATION SECURITY COMPLIANCE & ASSURANCE MANAGER

London, Farringdon

London, 27th May

REPORTING TO: HEAD OF INFORMATION SECURITY

Reed & Mackay leads the global travel and event management arena with extraordinary service and proprietary, client-led technology. Ranked first in the Sunday Times International Fast Track 2020, we are a business that is always looking forwards, while ensuring that we’re everything that our clients need today. In May 2021, we became part of the TripActions Group, and together we are setting the agenda for the future of business travel.

Due to the continuing growth of our business internationally and the importance we and our clients place on information security, a position has become available for a highly competent individual to join the Information Security Team.

PURPOSE OF THE ROLE:

This position is a full-time, hands-on role, as a part of the Information Security Team reporting to the Head of Information Security. The individual will have ownership of all aspects of information security risk, compliance and governance, information security assurance and third-party information security risk. They will be working on ensuring that industry standards and best practices are implemented as part of an integrated approach to security across the organisation. This is an outstanding opportunity to join a thriving and progressive company where Information Security is an important part of their strategic growth.

WHAT YOU’LL DO:

  • Manage the Information Security Compliance & Assurance function
  • Take ownership of the Information Security Management System and ensure compliance with ISO 27001, Cyber Essentials, SOC2 and PCI DSS.
  • Take the lead on client assurance (questionnaires, contract reviews, audits etc.)
  • Identify and manage information security risk across the group and work with risk owners to develop and implement treatment
  • Manage the third-party risk programme – supplier due diligence and solution assessments
  • Manage and maintain information security policies
  • Manage/conduct information security audits as per a defined risk-based audit plan
  • Information security incident management
  • Manage the Information Security Awareness Programme and promote a security culture within the organisation.
  • Keep abreast of the latest information, cyber security and data protection trends and threats

WHAT WE’RE LOOKING FOR:

  • Proven professional experience in managing information security in a multi-site organisation
  • High-level knowledge of industry standards such as NIST, ISO 27001, SOC2, Cyber Essentials and PCI DSS
  • Strong understanding of security technologies and security concepts
  • This isn’t a technical role; however, a strong conceptual understanding of security operations, network, cloud, email, application, and enterprise security is essential.
  • Knowledge of data protection best practices and GDPR compliance is desirable
  • Excellent attention to detail, proactive, able to work independently and drive forward a programme of works
  • Resourceful people manager, able to motivate a team
  • Good verbal and written communication skills
  • Ability to make effective use of resources available to complete tasks to agreed deadlines
  • Familiarity with OneTrust would be beneficial
  • Hold a recognised information security qualification such as CISM, CISSP, CCP or an equivalent academic or professional security qualification.

INTERNAL RESPONSIBILITIES:

  • Responsible for assisting with compliance with Reed & Mackay’s certification programmes and policies.
  • Work closely with Legal, GRC, IT and other technical and operational functions across the business in managing information security controls as part of the integrated management system
  • Line management responsibility for 1x Information Security Analyst