Information Security Lead

Last updated 7 days ago
Location: Cambridgeshire

The role:
Reporting to the Global Director of Security, you will:
  • Drive the implementation, operation and maintenance of Abcam’s Information Security Management System (ISMS) and its efficacy within the business

  • Maintain alignment of the Information Security Management System with recognised best practice standards including the ISO / IEC 27000 series standards & NIST framework

  • Develop and implement the application of Abcam control standards by its suppliers and relevant third-parties

  • Support the development, awareness communication, compliance and assurance of information security policies, standards, procedures and guidelines across Abcam, its suppliers and relevant third-parties

  • Provide SME consultancy, offering internal IS guidance and practical assistance on information security risk and control matters throughout the organisation

  • With a particular focus on Information Security, contribute to the functional requirements of IT solutions across Abcam and its suppliers

  • Produce MI and reporting in relation to Information Security including Information Security related incidents

  • Maintain a working knowledge of technology, systems, processes, data and interfaces deployed across Abcam and its relevant suppliers and third-parties

  • Maintain knowledge of emerging information security technologies, ensuring cost-effective opportunities for improving the security of the business are identified and promoted.

Key accountabilities:

  • Owner of the maintenance of an Information Security Management System (ISMS) aligned with industry best practice, using the ISO / IEC 27000 series standards as a benchmark, comprising an Information Security Framework which delivers policy, standards and guidelines, and clearly defined controls

  • Review relevant legislation and recommend changes or enhancements to Abcam and relevant supplier or third-party controls or processes as appropriate

  • Provide SME input to Abcam information security training and awareness processes and campaigns

  • Continually promote awareness of information security within Abcam with the aim that information security controls become embedded within day to day behaviours and processes

  • Lead in appropriate governance and oversight forums, committees and processes helping to ensure the effectiveness of their operation, recording minutes, monitoring actions and chairing in the absence of the Global Director of Security where required.

  • Responsible for planning and operating positive assurance programmes covering the performance and effectiveness of information security controls within Abcam and its relevant suppliers and third-parties, using sample test reviews or other appropriate testing

  • Operate Abcam data leakage protection processes ensuring timely review of generated reports, escalation and tracking of issues and production of appropriate MI.

  • Conduct due diligence of new suppliers ensuring information security controls have been properly risk assessed and providing advice to the on-boarding team regarding supplier suitability

  • Own the collation of data and produce clear and regularly updated Management Information covering Abcam and its relevant suppliers and third parties as required by the various committees and stakeholders.

  • Ensure appropriate and timely escalation of risks and issues relating to information security

  • Maintain leading edge knowledge of information security via published research, industry networking and formal training

  • Support business continuity and disaster recovery planning and testing.

Technical Assurance, Sign off and Delivery:
  • Work with the Abcam business areas to ensure that solutions have appropriate Information Security controls embedded within them as required by policy.

  • Provide input to relevant supplier and third-party transformation programmes as appropriate

Risks and Controls Framework:
  • Support development and promotion of information security policies, standards and guidelines

  • Contribute to business continuity and disaster recovery planning and assurance

  • Support the Global Director of Security in understanding, documenting and tracking information security risk across the business

Strategy and Direction Setting:
  • Provide expertise and support to information security strategy helping to ensure the direction is supportive of the overall digital and business strategies

  • Work with key stakeholders across Abcam to understand the changing needs of the business and to ensure information security controls remain aligned with business.

  • Provide support to the team, demonstrating the ability to work equally well as part of a team as on an independent basis

  • Support the CIRT resilience and recovery process as required.

Skills, Knowledge & Experience:
  • Relevant professional qualification such as CISSP or CISM

  • An expert knowledge of information security risks and controls from a governance, risk and compliance perspective

  • Sufficient technical IT knowledge relating to information security risks enabling collaboration with technical SMEs

  • Able to work flexibly and supportively within a small team

  • Able to work effectively with all levels of the business

  • Able to communicate with and challenge counterparts in relevant suppliers and third-parties

  • Able to describe, communicate and promote information security solutions and opportunities in a non-technical manner that the wider business community can understand

  • Relationship building at all levels

  • Excellent written, oral, presentation and facilitation skills, a self-starter with a high degree of initiative.