Information Security Compliance Manager
United States
Morgan Advanced Materials
Overview
ROLE : Information Security Compliance Manager
Location: US Remote (EST Zone)
Duration : Permanent Staff Role
Morgan Advanced Materials is a business rich in history and innovation. Founded in the UK in 1856, we have grown into a global organisation with 70 sites in 18 countries. Our model to serve our customers where they need us has led to a diversified product range using our unparalleled expertise in ceramic and carbon materials, which we exploit to solve difficult problems for our customers across a diverse range of markets.
We are a purpose driven organisation. Our purpose is to use advanced materials to make the world more sustainable and to improve the quality of life. We deliver on that purpose through the products that we make, and the way that we make them.
We help our customers push the limits of their processes and products to meet the demanding requirements they face, from higher process temperatures to higher product performance to increasing miniaturisation.
Key Figures: Revenue £1,114.7m (2023), ~8,500 employees, manufacturing in 20+ countries, and a global customer portfolio. A UK PLC with head office located in Windsor, Berkshire UK. Listed on London Stock Exchange; Member of the FTSE 250 Index.
Morgan IT is on a mission to strengthen Digital Capabilities by creating an Evergreen IT estate as a cornerstone of company success in the coming century. This means fit-for-purpose, always up-to-date IT services on a green footprint that maximizes our people’s capabilities to drive business value.
To do so, the OneIT team is currently executing a strategic roadmap to make significant modernization and globalization steps in its IT estate, IT performance and business value from IT.
Morgan’s IT and security strategy is to leverage functionality and capability from our partnership with Microsoft, which will establish a secure and compliant IT environment.
SCOPE OF ROLE:
The Information Security Compliance Manager is responsible for developing, implementing, and managing the organization's information compliance program. The goal is to achieve and maintain industry-recognized cybersecurity accreditations, such as ISO 27001, Cyber Essentials, and other relevant certifications. The ideal candidate will have a strong background in cybersecurity or IT, along with extensive knowledge of risk management, regulatory compliance, and security best practices.
Responsibilities
ESSENTIAL DUTIES & RESPONSIBILITIES:
- Compliance Management:
  - Act as the first point of contact for Information Governance and Information Security compliance enquiries, some of which will be of a confidential nature, referring enquirers onward where appropriate.
  - Oversee the organization’s information security compliance with relevant regulations, including global data privacy laws (e.g., GDPR, CCPA), global export control regulations (e.g., ITAR, EAR, EU Dual-Use Regulation, ECJU, China ECL), and financial compliance requirements.
- Security Compliance Program Development:
  - Design, implement, and manage a comprehensive security compliance program aimed at achieving cybersecurity certifications such as ISO 27001, Cyber Essentials, and similar accreditations.
- Risk Management Program:
  - Manage the IT risk management program, including identifying, assessing, and mitigating information security risks. Conduct risk assessments and reviews, including Impact Assessments for new and existing systems/processes.
- Awareness Training:
  - Develop and conduct security awareness training programs to educate employees on compliance obligations and best practices in information security.
- Audit Activities:
  - Guide, plan, and coordinate internal and external audit activities to ensure compliance with established policies and standards. Address audit findings and manage remediation efforts.
- Penetration Testing:
  - Oversee penetration testing activities, ensuring identified vulnerabilities are tracked and remediated effectively.
- Third-Party Risk Management:
  - Manage third-party risk by evaluating the security posture of vendors, partners, and service providers, ensuring compliance with security and regulatory requirements.
- Incident Response:
  - Collaborate with the incident response team to ensure proper documentation and handling of security incidents, ensuring lessons learned are integrated into the compliance program.
- Reporting:
  - Create and maintain dashboards and performance reports (including trends, thematic analysis, commentary, and highlighting of issues) against key performance indicators, highlighting areas for improvement and ongoing information security and compliance efforts.
Qualifications
QUALIFICATIONS & EXPERIENCE
- Bachelor’s degree in Information Systems, Computer Science, Information Security, or a related field.
- Ability to work independently and collaboratively.
- Proven experience in developing and managing security compliance programs.
- Strong understanding of global data privacy laws, export control regulations, and financial compliance requirements.
- Hands-on experience with cybersecurity frameworks and standards, such as ISO 27001, NIST, Cyber Essentials, etc.
- Familiarity with risk management principles and best practices.
- Experience in managing audit activities, including working with internal and external auditors.
- Knowledge of third-party risk management and security assessment of vendors.
- Excellent communication skills, with the ability to present complex information clearly to various stakeholders.
- Relevant certifications such as CISM, CISA, CRISC, ISO 27001, SOC, ISAE 3402, DLL or similar would be an advantage.
Morgan Advanced Materials is an EEO/AA/M/W/D/V Employer.