Manager - Cybersecurity Governance

Reporting to the head of Security Governance, this role will be responsible for providing day to day representation and review of Security Policies to internal and external clients to ensure tolerances are within Epiq s risk appetite. The Governance Manager will also assist in ensuring that the Security Program maintains suitable levels of compliance to applicable laws and regulations through adherence to Security policies. This role will also work with Business and Compliance teams to recommend and implement policies and procedures to ensure security meets or exceeds good industry practice.

 

Essential Duties and Responsibilities:

Develop and maintain our ISMS including Information Security Policies, Standards and Procedures. These will be developed in accordance with industry good practice (eg ISO27001), legal and regulatory requirements and compliance with frameworks including but not limited to the National Institute Standards and Technology (NIST). Collaborate with Subject Matter Experts (SMEs) to gather requirements and deliver documentation.

Manage our Cloud Security Posture Management (CSPM) programme. Work with subscription owners and IT to drive improvements in our security posture across our cloud hosted apps. Provide regular updates to Executives.

Support our ISO27001 certification programme, including leading activities for our India and US sites.

Review security clauses within legal contracts and agreements.

Define and co-ordinate our processes for security reviews of covering compliance, legal and third party agreements. The process must liaise with all relevant teams and ensure that Epiq meets our contractual obligations.

Design and implement a comprehensive training and communication function for the entire organisation to both comply with security training requirements, and enhance security awareness and compliance for all employees, contractors, and consultants of Epiq.

Facilitate information security risk assessments, ensuring key risks are identified, documented and reported.

Work with the client-facing business service lines as we'll as business support functions such as Legal, Compliance, Internal Audit, and Sales teams to ensure Security policies, processes and procedures are accurately, effectively, and consistently understood and represented throughout the company.

Assist with ISMS internal audits and internal security process reviews to verify the effectiveness of our security control environment. Manage the associated continuous improvement process.

Help to ogranise and co-ordinate regular governance meetings, including representatives from Security, Compliance, Technology, HR, Sales, Legal and the business services lines.

Provide any additional support as required by the Head of Security Governance, as required.

 

Qualifications: knowledge/skill/ability:

An individual must be able to perform each essential job duty satisfactorily. The requirements listed below are representative of the knowledge, skill and/or ability required:

7+ years experience of working in an information security role, with a good understanding of information security fundamentals.

Experience of working in an ISO27001 certified environment, including experience of external certification audits.

Cloud Security Posture Management experience, particularly within Azure. Familiarity with security frameworks and various compliance requirements (eg ISO27001, PCI DSS, NIST, SOC2, CIS Top 20)

Previous line management experience.

Security standards and policy development experience.

Experience of developing and delivering security training and awareness material for staff.

Experience of reviewing and developing security contractual clauses.

Experience of completing third party assurance reviews.

ISMS internal audit and security review experience.

Communicate effectively through written and verbal means to co-workers and senior leadership and effectively manage multiple tasks simultaneously, coordinating and ensuring that scheduled goals are met.

Experience with the conduct of an information security investigation and remediation.

Experience with security technology and processes used to defend an international enterprise network.

Experience analyzing business or technical problems and proposing and implementing pragmatic solutions.

Excellent communication skills, verbal and written and be a self-managed / self-driven individual.

Strong project management, organisational and meeting management skills.

Able to convey complex and technical information in a simple and straight forward manner, to non-technical stakeholders.

 

Education:

B.S. Engineering / C.S. / MIS degree highly desirable ISO27001 lead auditor highly desirable

CISSP/CISM/GIAC Certification highly desirable