UK&I Information Security Compliance Manager

London (Central), London (Greater)
Competitive Salary
16 Aug 2018
13 Sep 2018

Are you an experienced Information Security Compliance Manager with experience ensuring your firm’s information security capability meets UK public sector guidance and standards?

The opportunity

The Information Security Compliance Manager will deliver subject matter expert (SME) advice around obtaining and sustaining InfoSec and governance standards in order to manage the risk to EY and enable the business to be competitive in the markets.

Activities will include documenting the extent to which EY’s information security capability meets UK public sector guidance and standards, creating and maintaining a repository of compliance information, and making this available to both internal and external stakeholders such as through third party auditing. Examples would include UK Ministry of Defence Standards including DAIS accreditation and NHS Digital’s Data Security and Protection Toolkit. 

This will include horizon scanning to plan in advance for any business-critical compliance standards work and the associated risk. The role will work with the Information UK&I Security Programme Lead and in partnership with the Global EY Technology Team and various other stakeholders.

Your key responsibilities

  • Deliver demonstrable compliance with business-critical requirements, standards and certification, including horizon scanning to manage the risk to the Firm. This will involve working closely with other members of the Regional Operations team, especially the IMS Manager for ISO 27001 and the Information Governance Lead, to ensure the macro compliance picture is captured and documented.

  • Manage the interface and act as a “translator” between EY Technology and the end user to ensure smooth implementation of accreditation, developing and maintaining an up-to-date, documented portfolio of accreditation for the client-facing business, in addition to contributing to and managing relevant audits.

  • Participate in the Information Governance Programme taking an active role in technology areas

  • Work collaboratively with Risk Management, Procurement and EY Technology to ensure due process is being followed; support adherence to quality standards (ISO27001, Cyber Essentials etc) and champion best practice with a view to ultimately mitigating risks and maximising value through supply/demand led initiatives

  • Provide, as required, subject matter expert guidance to the UK&I service lines and Core Business Services functions (e.g. Supplier Relationship Management, Procurement, Legal, Independence) to ensure business cohesion

Skills and attributes for success

  • Demonstrable operational experience of leading or playing a key role in the implementation or delivery of a standard or accreditation in the public sector (not including ISO27001 or CES) such as DAIS or NHS Information Governance Toolkit, and/or good working knowledge of the new NHS Digital Data Security & Protection Toolkit

  • Working knowledge of the Security Policy Framework / JSP 440 and relevant Cabinet Office/HMG policy on data classification and accreditation

  • Strong understanding of Information Security related aspects including regulatory requirements and policies, technical control processes and security solutions within a commercial environment

  • Understanding of regulatory matters especially for the UK and global industry standards, such as the Data Protection Act, GDPR and PCI DSS

  • Strong understanding of IT delivery programmes and service delivery models

  • Professional Security qualification (Current CISSP or CISM preferred)

  • Knowledge of the principles of Information Security in a commercial environment

  • Understanding of network architecture, protocols and principles

  • Understanding of Security Risk Analysis techniques

To qualify for the role you must have

  • Evidence of leading a successful public sector information accreditation

  • Experience influencing third party suppliers that are not directly managed

  • Strong IT delivery background

  • Graduate level with relevant degree qualification or equivalent industry experience

Ideally, you’ll also have

  • Multi-site / regional experience and working

  • Experience of working in a professional services organisation – understanding and having worked in a Partnership and complex (and preferably global) matrix organisation is critical

What we look for

Someone who is resilient, able to operate calmly under pressure in a complex / matrix environment, has a delivery focus, is target driven, generally politically astute with commercial acumen.

What working at EY offers

We offer a competitive remuneration package where you’ll be rewarded for your individual and team performance. Our comprehensive Total Rewards package includes support for flexible working and career development, and with FlexEY you can select benefits that suit your needs, covering holidays, health and well-being, insurance, savings and a wide range of discounts, offers and promotions. Plus, we offer:

  • Support, coaching and feedback from some of the most engaging colleagues around

  • Opportunities to develop new skills and progress your career

  • The freedom and flexibility to handle your role in a way that’s right for you

EY is committed to being an inclusive employer and we are happy to consider flexible working arrangements. We strive to achieve the right balance for our people, enabling us to deliver excellent client service whilst allowing you to build your career without sacrificing your personal priorities. While our client-facing professionals can be required to travel regularly, and at times be based at client sites, our flexible working arrangements can help you to achieve a lifestyle balance.

About EY

As a global leader in assurance, tax, transaction and advisory services, we’re using the finance products, expertise and systems we’ve developed to build a better working world. That starts with a culture that believes in giving you the training, opportunities and creative freedom to make things better. Whenever you join, however long you stay, the exceptional EY experience lasts a lifetime. And with a commitment to hiring and developing the most passionate people, we’ll make our ambition to be the best employer by 2020 a reality.

 If you can confidently demonstrate that you meet the criteria above, please contact us as soon as possible.

Join us in building a better working world. 

Apply now.