Group Information Security Manager

at Mott MacDonald

NUT, England, United Kingdom

Start Date: Immediate
Expiry Date: 16 Feb, 2025
Salary: Not Specified
Posted On: 18 Nov, 2024
Experience: N/A
Skills: Good communication skills
Telecommute: No
Sponsor Visa: No

Description:

Group Information Security Manager
Country: United Kingdom
Position Location: Newcastle, United Kingdom
Contract Type: Permanent
Work Pattern: Full Time
Market: Corporate services
Discipline: Information technology
Job Ref: 5760
Recruiter Contact: Laura Kennedy

EQUALITY, DIVERSITY, AND INCLUSION

We put equality, diversity, and inclusion at the heart of our business, seeking to promote fair employment procedures and practices to ensure equal opportunities for all. We encourage individual expression in our workplace and are committed to creating an inclusive environment where everyone feels they can contribute.

Responsibilities:

OVERVIEW OF ROLE

Reporting to the Group Head of IT and Security, the Group Information Security Manager is accountable for the following:

  • Developing and implementing an information security strategy and framework that aligns with Mott MacDonald’s objectives and risk appetite, while addressing emerging threats and vulnerabilities.
  • Unifying distributed teams into a cohesive information security group, ensuring group and regional alignment with common principles, systems, and processes.
  • Leading efforts to raise awareness of information security across the Group and Regions through training and awareness programs.
  • Building metrics and performance indicators to measure the success of the information security posture and quantifying key risk areas.
  • Actively participating as a member of the IT Leadership team to ensure that information security and technology continue to promote secure behaviours within the business.

In addition, the role is responsible for maintaining a collaborative culture and leading an environment that improves the health, wellbeing, and engagement of the IT and Security functions' employees through visible leadership and effective people management.

KEY DUTIES AND RESPONSIBILITIES INCLUDE

  • Develop and implement the Group information security programme, ensuring alignment with Regional information security programs to build security capabilities, including people, processes, and technologies, to protect information assets.
  • Develop and maintain an Information Security Management System that defines the requirements and controls for the Group.
  • Collaborate with stakeholders, including business leadership, IT, legal, and client delivery teams, to ensure compliance with relevant regulations, industry standards, and Group requirements.
  • Develop and maintain an effective information security incident response plan, coordinating response efforts in the event of a data breach.
  • Implement a measurable security awareness and training program that raises awareness of security requirements and the threats they mitigate, and develop training on information security best practices.
  • Lead and mentor a team of information security professionals, fostering a culture of continuous learning and professional growth.
  • Provide regular reports to the executive board and management teams on the organisation’s security posture, risks, and ongoing information security programme.
  • Communicate technical controls and behavioural information security requirements effectively, along with their underlying rationale and benefits.
  • Develop Group and Regional information security metrics, including Key Risk Indicators and reporting frameworks.
  • Conduct ISO 27001 audits and evaluate the alignment of security controls as defined in the Information Security Management System (ISMS).
  • Oversee threat intelligence and risk management activities to promptly identify and mitigate potential security risks.
  • Provide assurance and oversee audit activities to ensure compliance with the Information Security Management System requirements for the Group and within the Regions.


REQUIREMENT SUMMARY

Min: N/A, Max: 5.0 year(s)

Information Technology/IT

IT Software - Network Administration / Security

Other

Graduate

Proficient

1

Newcastle upon Tyne, United Kingdom