Vacancy Spotlight: Security Manager | Leeds

Xchanging new featured

Reporting into the Xuber Head of Systems and Compliance, the Security Manager will co-ordinate the security & assurance programme for Xuber and lead the implementation of the information security management system for this organisation. The role holder will work closely with the Compliance Support Officers within Xuber and with peers as part of the Global Security & Assurance Practice group to ensure all areas of the business's information assets and technologies are protected.

  • Maintain effective IT and information security controls and protocols across the business line
  • Align with the ISO 27001 standard in conjunction with on-going business needs
  • Proactively reduce the risk, likelihood and impact of any growing cyber threats or attacks
  • Conduct regular Information Security Tracker meetings
  • Participate in Change Advisory Board and Management Review Meetings
  • Ensure effective policies are in place and embedded aligned to the business strategy
  • Respond to Security Incidents and ensure all stakeholders understand and perform their duties when an incident occurs
  • To ensure Business Continuity and Disaster Recovery policies, plans, procedures, testing and remediation are maintained and adequate across the business
  • Provide timely and accurate reports to the business
  • Ongoing management of the Information Security Management System
  • To oversee the ISO 27001 audit program, reviewing its effectiveness on a regular basis

We will also consider Wales and London as base locations

Key Accountabilities
  • Embed Information security and assurance activities within the business line
  • Review of Security Architecture definitions
  • Review Group Change projects against the security policies
  • Maintenance of the System Security Plan
  • Maintain and review Information regulatory compliance, Cybersecurity
  • Periodic review, oversight and challenge of key IT risks across the business
  • Experience of implementing procedures and policies around investigations, forensics, eDiscovery, Disaster Recovery, and business continuity
  • Set out security education programmes across the business
  • Review and maintain compliance with standards such as PCI-DSS, ISO27001, SOX, DPA, etc
  • Respond to bids/tenders regarding Information Security compliance
  • Participate in an annual refresh of policies
  • Stay abreast of information security issues and regulatory changes affecting the business
  • Engage in professional development to maintain continual growth in professional skills and knowledge essential to the position
  • Track all information technology and security related audits including scope of audits, business units involved, timelines, auditing agencies and outcomes
  • Work with auditors as appropriate to keep audit focus in scope, maintain excellent relationships with audit entities
  • Keep abreast of security incidents and act as primary control point during significant information security incidents

Skills, Experience & Qualifications

Skills/ Experience required:

  • At least 6 years’ experience in Information security / assurance positions
  • Experience within different regulatory and compliance environments
  • The ability to clearly communicate Information Security principles and objectives
  • Previously implemented ISO 27001 and attained certification
  • Experience in, or exposure to, the Procurement, Insurance or Financial industry
  • Relevant security certifications such as CISSP, CRISC, CISA, CISM
  • Security within a cloud based environment
  • Deep knowledge of risk management, backup and Disaster Recovery policies, processes and testing

Personal Specifications:

  • Strong influencing & negotiation skills and the ability to work with teams across geographic boundaries and cultures
  • Proven communication skills and collaboration skills
  • The ability to interact with all levels of management within the organisation
  • The ability to work effectively in an environment where there are a number of competing pressures
  • Strategic thinking and planning skills with financial and business acumen
  • Strong business and analytical skills and technical knowledge
  • Team player
  • Open minded
  • Creative and innovative
  • Rigorous attention to detail
  • Strong projection and interpersonal skills
  • Self-starter


About the author

Alison is the Digital Content Editor for WeAreTheCity. She has a BA Honours degree in Journalism and History from the University of Portsmouth. She has previously worked in the marketing sector and in a copywriting role. Alison’s other passions and hobbies include writing, blogging and travelling.
