Senior Information Security Manager

Location: Gibraltar, Guernsey, Haywards Heath, Home Office (Remote) or Manchester
Salary: Up to £90,000 depending on experience
Department: Technology and Data

We’re First Central Insurance & Technology Group (First Central for short), an innovative, market-leading insurance company. We protect the things customers love so they can get on with what matters to them in life. 

Data drives us. It fuels our outstanding distribution, finance, technology and legal services. Our underwriting skills are built on data expertise; it creates the insights we need to give the right cover to the right customers at the right price. But it’s the people inside and outside our business that power us. They make us stand out and help us succeed. We’re ambitious. We’re growing. We’ve won awards.

Are you passionate about keeping data safe and secure? We're on the lookout for someone just like you to join our team as the Senior Information Security Manager (Info Sec). You'll be the go-to person for day-to-day leadership and management of our Info Sec Team, overseeing the services the team provides and ensuring we operate as a top-notch Info Sec risk, governance and oversight function. If you're ready to take on an exciting role within our Technology & Data pillar, leading, managing and monitoring Information Security risk, governance and assurance services, then keep reading!

We’d love you on the team if:

  • You’ve got extensive experience leading an Info Sec team, with strong people management skills, and you thrive on getting the best out of your team and supporting their development.
  • You’ve experience of identifying and implementing incremental improvements in a mature Information Security governance environment, particularly in a technology & data focused business delivering change in an agile way.
  • You’ve experience in maintaining ISO27001 and PCI certifications.
  • Finally, you’ve a real passion for Information Security and have bags of enthusiasm to simply make things better!

We’re all about the power of flexibility. With office locations spanning Salford Quays, Manchester, Haywards Heath, West Sussex, Guernsey, and Gibraltar, we're all about finding the balance that works best for you. While you'll spend the majority of your time working from the comfort of your own home, we also value face-to-face interaction and offer the flexibility of spending a day a week in the office. Of course, the choice is yours - if you thrive in an office environment and prefer to be on-site more frequently, that's perfectly fine with us too. We're committed to creating a work environment that suits your needs and allows you to perform at your best.

Job responsibilities:

  • Responsible for the leadership and management of the day-to-day operations of the Information Security Team and line management of colleagues within the team.
  • Responsible for planning, execution and delivery of all Info Sec services and associated processes.
  • Responsible for ensuring adherence to the Info Sec Risk Management process, including maintenance of the risk register, performing risk assessments, identification of risks and risk reporting. 
  • Understand the business and information risk context, proactively work with other teams to develop architectures and countermeasures which mitigate risks to an acceptable level.
  • Responsible for the monitoring of security risk within the agile change delivery process and providing guidance on requirements and incrementally maturing the security approach within the change process.
  • Responsible for delivering the Info Sec awareness and communication plan to ensure that the Group companies are adequately protected and to promote good practice to improve Information Security culture within the business.
  • Oversee the maintenance of the Info Sec Management System (ISMS) documentation and records to ensure compliance with chosen frameworks. Ensure that documented internal Information Security standards align with framework requirements. 
  • Ensure that all compliance and assurance requirements are captured in assurance testing plans and other relevant roadmaps.
  • Manage and maintain assurance, compliance and certification activities across Group to ensure continued compliance with Info Sec Frameworks, in particular ISO27001 and PCI-DSS.
  • Lead and manage all Info Sec certification related activities.
  • Maintain the day-to-day relationships with external compliance stakeholders such as the PCI QSA and ISO certification bodies.
  • Provide guidance, support and assistance to the business on Information Security & related workstreams as required, thus acting as an SME on Info Sec.
  • Monitor changes to frameworks and control governance processes to keep First Central aligned with any changes.
  • Monitor relevant regulatory (e.g. FCA) and contractual requirements with regard to Info Sec and highlight gaps as required.
  • Identify and communicate any improvements or gaps in the Info Sec position across the Group.
  • Identify and mature Info Sec processes, documents, etc. as required.
  • Produce regular Info Sec reporting & KPIs.  
  • Assist in the management of security incidents when required.

Experience, Knowledge, Skills and Qualifications

  • Detailed knowledge of Information Security frameworks and standards, in particular PCI-DSS and ISO27001, and experience of maintaining certifications.
  • Extensive experience in managing and developing a team of information security professionals.
  • Extensive Information and Cyber Security risk, governance and assurance experience.
  • Proven track record of incrementally developing and maturing an Information Security risk & oversight function in a technical and data focused business, with an agile change delivery process.
  • Suitable qualifications, e.g. ISO27001 Lead Implementer and Auditor or CISM.
  • Excellent communication and interpersonal skills, both verbal and written.
  • Excellent stakeholder management skills and the ability to influence key decision makers internally.
  • Excellent analytical skills.
  • Excellent organisational skills.
  • Excellent line management skills.

Behaviours

  • Able to demonstrate governance & oversight thinking and behaviours.
  • Willingness to continually develop and learn new Information Security skills and soft skills.
  • Self-motivated and enthusiastic with the desire to meet or exceed targets.
  • An organised, proactive and pragmatic approach to Information Security and Risk management.
  • A flexible approach and positive attitude.
  • Emphasis on attention to detail and accuracy.
  • Strives to drive business improvements to contribute to the success of the business.

Are you ready to embark on a rewarding journey with First Central, a company that values flexibility and empowers its colleagues to excel?

Don't miss out on this exciting opportunity to lead our Info Sec Team from the forefront of innovation. Apply now and take your career to new heights with us!

What can we do for you?

People first. Always. We’re passionate about our colleagues and know the best people deserve an extraordinary working environment. We owe it to them so that’s what we offer. Our workplaces are energetic, inspirational, supportive. To get a taste of the advantages you’ll enjoy, take a look at all our perks in full here. 

Intrigued? Our Talent team can tell you everything you need to know about what we want and what we’re offering, so feel free to get in touch.

86% of people would recommend a friend to work at First Central

Based on 164 Glassdoor reviews (March 2022)

Benefits

Simply Health Cash Plan

Simply Health Cash Plan. Reclaim the cost of your eye tests, dental appointments, physiotherapy and more

Flexible Bank Holidays

Eight flexible bank holidays; you can choose which festivals you observe

Volunteering

We’re passionate about it. Everyone gets a paid day off annually to volunteer

Electric Car Scheme

Plug into our Electric Car Scheme for a deal with insurance, road tax and servicing

Flexible Working

We’re flexible; most roles let you mix office and home working. We work fluidly around core hours

Your Time in Need

Your Time in Need: five days’ leave so you can deal with life stuff. We’ll support you