LISO Manager

Milton Keynes

GEA Group

GEA makes an important contribution to a sustainable future with its solutions and services, particularly in the food, beverage and pharmaceutical sectors.

Responsibilities / Tasks

The individual in this role is tasked with the following responsibilities to ensure the effective implementation and management of the local Information Security Management System (ISMS):

  • Oversees ISMS Implementation and Controls: Manages the local implementation of the ISMS, ensuring that security controls and measures align with the organisation's overall framework and policies.

  • Local Information Security Compliance: Ensures the application of and adherence to information security requirements at the local level, maintaining compliance with global standards.

  • Advises on Information Security Matters: Provides guidance to the site manager on matters related to information security, ensuring that potential risks and vulnerabilities are appropriately addressed.

  • Supports Local Process Owners: Based on global directives, assists local process owners with information and asset inventory, classification, risk identification and assessment, as well as the definition and monitoring of appropriate security measures within business processes.

  • Integrates Security into Local Processes: Ensures that information security requirements are fully integrated into local business processes to maintain compliance and safeguard information assets.

  • Leads Awareness and Training Initiatives: Organises and manages local awareness and training programs on information security, ensuring a high level of employee participation, with demonstrable proof of engagement.

  • Manages Local Security Incidents: Handles local information security incidents promptly and in accordance with established protocols to mitigate risks.

  • Identifies Local Processes and Owners: Identifies all local processes within the ISMS scope and assigns the appropriate process owners, ensuring that these individuals are aware of the relevant policies.

  • Facilitates Risk and Protection Analysis: Works with process owners to analyse and determine the appropriate level of protection needed for each process, ensuring comprehensive risk assessments are performed.

  • Supports Security Measures Design and Documentation: Collaborates with process owners to design and document necessary information security measures, facilitating the creation of evidence documents that demonstrate the operational effectiveness of controls.

  • Ensures Asset and Application Reporting: Ensures that all process owners report on relevant assets, systems, and applications necessary to perform their respective processes, with particular attention to systems, applications, and infrastructure.

  • Assigns Risk Ownership: Allocates identified risks to the appropriate risk owner, ensuring their commitment to the role and associated responsibilities.

  • Supports Risk Mitigation: Works with risk owners to design suitable countermeasures to mitigate identified risks, ensuring an effective risk treatment process.

  • Consolidates Risk Treatment Reports: Collects and consolidates risk treatment progress reports from risk owners, ensuring that this information is accurately communicated to senior management.

  • Identifies Asset Owners: Identifies all relevant asset owners responsible for the assets and applications that support the processes within the ISMS scope.

  • Ensures Asset Owners are Informed: Ensures that asset owners are fully aware of the relevant policies and security requirements pertaining to their assets.

  • Guides Asset Risk Analysis: Instructs asset owners to perform risk analysis to identify vulnerabilities and necessary security controls, providing support as needed.

  • Supports Procedural Documentation: Assists asset owners in the creation, implementation, and documentation of procedural information security measures to ensure robust protection and compliance with ISMS requirements.

Your Profile / Qualifications

Profile and Qualifications

  • Bachelor's or Master's degree in Information Technology / Computer Science / Cybersecurity, Business Administration, or a related technical discipline

  • IT security certifications advantageous (e.g. ITIL: Information Technology Infrastructure Library, COBIT: Control Objectives for Information and Related Technology, CISA: Certified Information Systems Auditor, CISM: Certified Information Security Manager)

  • Information security certifications

  • ISMS Lead Implementer, ISMS Lead Auditor, additional in accreditation of a certification body

Professional Knowledge and Experience

  • 3+ years of experience in cyber or information security

  • Good know-how in management systems, audits, and dealing with audit findings

  • Knowledge of security standards such as ISO, PCI, HIPAA and SOX

  • Experience in multi-vendor management and dealing with multiple suppliers

  • IT Service Management and ITIL process framework

Competencies

  • Strong interpersonal skills in communication and collaboration, fostering effective teamwork and positive relationships.

  • Highly organised with robust project management skills, ensuring a structured and methodical approach to tasks and deadlines.

  • Strong analytical and problem-solving abilities, capable of assessing challenges and delivering effective solutions.

  • Proficient in financial management, with experience in budget ownership and oversight.

Did we spark your interest?
Then please click apply above to access our guided application process.

Category: Leadership Jobs

Tags: Audits CISA CISM COBIT Compliance Computer Science HIPAA ISMS ITIL Monitoring Risk analysis Risk assessment SOX Vulnerabilities

Perks/benefits: Career development

Region: Europe
Country: United Kingdom
