Information Security Assurance Manager
We are looking for an Information Security Assurance Manager to define, lead and manage the Assurance service within M&S. Working with the M&S strategic technology Partner to leverage their industry skills and deliver capability, this role is critical to enabling the successful fulfilment and constant improvement of the Assurance service.
This role drives enterprise Governance and Assurance activities for all programmes, projects, changes and agile delivery throughout M&S. Across all these initiatives, the Assurance Manager leads the delivery of robust guidance and engagement with Portfolios to ensure that confidentiality, integrity and availability considerations are delivered by design.
The successful candidate will have an excellent day-to-day relationship with our Partner to ensure all aspects of the managed service are delivered in line with the Assurance Charter, providing M&S with transparent and high-quality KPI- and KRI-led outcomes for both the M&S Information Security Team and the wider Technology and Business Teams.
This is a senior role within our Information Security Team and therefore requires an individual who is able to drive and execute delivery of the service throughout the whole team, driving information security maturity improvements and visibility across business portfolios.
Key accountabilities and measures
- Own, deliver and constantly improve the InfoSec Assurance service across M&S
- Ensure engagement with the Assurance service meets business demands and acts as a wider front door for InfoSec
- Governing the M&S strategic technology partner to ensure their day-to-day management and delivery of the Assurance service and processes meets their charter commitments to an excellent standard
- Ensuring the Assurance service hands off seamlessly between other InfoSec Towers and wider Technology Towers, acting as a conduit of information across the function, delivering an end-to-end service for our internal customers
- Being a point of escalation for the managed service, ensuring both an excellent service and appropriate business prioritisation of Assurance requirements
- Delivering KPIs and KRIs to enable InfoSec and Business Portfolios to deliver ongoing security improvements
- Management of third parties and key stakeholders across technology and business areas
- Ability to work at pace across multiple initiatives within a team of highly skilled and competent peers
- Ability to deliver solutions within different project methodologies such as waterfall, agile and DevSecOps
- MSc in Information Security / equivalent or demonstrable industry experience
- Well versed in industry best practice for security assurance across different channels, risk assessments and SDLC
- Confident thought leader with great presenting experience and the ability to speak business / stakeholder language
Key relationships and stakeholders
- Working with other InfoSec Tower leads to ensure the team as a whole operates as a well-oiled machine
- Influencing Chief Technology Officers, Project Managers, Product Owners and Heads of Technology Solutions to push Information Security requirements up their priority list
- Liaising with Legal, Audit, Data Governance and other wider business compliance areas
- Working with other 3rd parties and partners to ensure the delivery of contractual security requirements