Information Security Manager

We are looking for an Information Security Manager to provide expertise on and raise the nChain Information Security Management System (ISMS). This will be based on ISO/IEC-27001 Information Security Standard (if required apply the revised ISO/IEC-27002 controls) and other best industry practices.

The role will provide a continuous evaluation and assessment of our security assets, regulatory standards we must comply with and best practices we should comply with to boost our market standing.

The Information Security Manager will work with the wider Technology team defining and maintaining functional and non-functional security requirements.

RESPONSIBILITIES

We expect you to

• Develop, implement, and monitor a strategic, comprehensive enterprise information security and IT risk management program to ensure the integrity, confidentiality, and availability of information owned, controlled, or processed by the organisation.


• Support the ISO 27001 certification process, including gap analysis, documentation, and implementation of necessary controls, policies, and procedures.


• Stay abreast of the latest security and privacy legislation, regulations, advisories, alerts, and vulnerabilities pertaining to blockchain and the company.


• Manage security incidents and events to protect corporate IT assets, including intellectual property, regulated data, and the company's reputation.


• Conduct regular security audits, risk assessments, and testing of systems and processes to identify vulnerabilities; recommend and implement appropriate security controls.


• Liaise with stakeholders in relation to cybersecurity issues and provide future recommendations.


• Provide leadership, direction, and guidance in assessing and evaluating information security risks and monitor compliance with security standards and appropriate policies.


• Examine impacts of new technologies on the company's overall information security.


• Establish processes to review implementation of new technologies to ensure security compliance.
  
  Bachelor's and Associate Degree in Computer Science, Technical, Information Technology, Engineering, Science, Information Security, or Information Systems /Application Security.


• Professional information security certification, such as CISSP, CISA, CISM, CRISC, or ISO27001 Lead Auditor/Implementer.


• Minimum of 5 years of experience in a combination of risk management, information security, and IT jobs.


• Experience with cloud services providers security (AWS, Azure).


• Demonstrated experience with information security management systems (ISMS), IT audit, and ISO 27001/27002 standards.


• Strong understanding of the cybersecurity risks associated with various technologies and ways to manage them.


• A solid understanding of information technology and information security including firewalls, VPN, data loss prevention, IDS/IPS, web-proxy, and security audits.


• Exceptional communication skills, both verbal and written, with the ability to communicate security-related concepts to a broad range of technical and non-technical staff.


• Experience in developing information security policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic environment.


• Experience with Financial Institutions or blockchain will be beneficial.