Drive the implementation, operation and maintenance of Abcam’s Information Security Management System (ISMS) and its efficacy within the business
Maintain alignment of the Information Security Management System with recognised best practice standards including the ISO / IEC 27000 series standards & NIST framework
Develop and implement the application of Abcam control standards by its suppliers and relevant third-parties
Support the development, awareness communication, compliance and assurance of information security policies, standards, procedures and guidelines across Abcam, its suppliers and relevant third-parties
Provide SME consultancy, offering internal IS guidance and practical assistance on information security risk and control matters throughout the organisation
With a particular focus on Information Security, contribute to the functional requirements of IT solutions across Abcam and its suppliers
Produce MI and reporting in relation to Information Security including Information Security related incidents
Maintain a working knowledge of technology, systems, processes, data and interfaces deployed across Abcam and its relevant suppliers and third-parties
Maintain knowledge of emerging information security technologies, ensuring cost-effective opportunities for improving the security of the business are identified and promoted.
Owner of the maintenance of an Information Security Management System (ISMS) aligned with industry best practice, using the ISO / IEC 27000 series standards as a benchmark, comprising an Information Security Framework which delivers policy, standards and guidelines, and clearly defined controls
Review relevant legislation and recommend changes or enhancements to Abcam and relevant supplier or third-party controls or processes as appropriate
Provide SME input to Abcam information security training and awareness processes and campaigns
Continually promote awareness of information security within Abcam with the aim that information security controls become embedded within day-to-day behaviours and processes
Lead in appropriate governance and oversight forums, committees and processes helping to ensure the effectiveness of their operation, recording minutes, monitoring actions and chairing in the absence of the Global Director of Security where required.
Responsible for planning and operating positive assurance programmes covering the performance and effectiveness of information security controls within Abcam and its relevant suppliers and third-parties, using sample test reviews or other appropriate testing
Operate Abcam data leakage protection processes ensuring timely review of generated reports, escalation and tracking of issues and production of appropriate MI.
Conduct due diligence of new suppliers ensuring information security controls have been properly risk assessed and providing advice to the on-boarding team regarding supplier suitability
Own the collation of data and produce clear and regularly updated Management Information covering Abcam and its relevant suppliers and third parties as required by the various committees and stakeholders.
Ensure appropriate and timely escalation of risks and issues relating to information security
Maintain leading edge knowledge of information security via published research, industry networking and formal training
Support business continuity and disaster recovery planning and testing.
Work with the Abcam business areas to ensure that solutions have appropriate Information Security controls embedded within them as required by policy.
Provide input to relevant supplier and third-party transformation programmes as appropriate
Support development and promotion of information security policies, standards and guidelines
Contribute to business continuity and disaster recovery planning and assurance
Support the Global Director of Security in understanding, documenting and tracking information security risk across the business
Provide expertise and support to information security strategy helping to ensure the direction is supportive of the overall digital and business strategies
Work with key stakeholders across Abcam to understand the changing needs of the business and to ensure information security controls remain aligned with business.
Provide support to the team, demonstrating the ability to work equally well as part of a team as on an independent basis
Support the CIRT resilience and recovery process as required.
Relevant professional qualification such as CISSP or CISM
An expert knowledge of information security risks and controls from a governance, risk and compliance perspective
Sufficient technical IT knowledge relating to information security risks enabling collaboration with technical SMEs
Able to work flexibly and supportively within a small team
Able to work effectively with all levels of the business
Able to communicate with and challenge counterparts in relevant suppliers and third-parties
Able to describe, communicate and promote information security solutions and opportunities in a non-technical manner that the wider business community can understand
Relationship building at all levels
Excellent written, oral, presentation and facilitation skills, a self-starter with a high degree of initiative.