Information Assurance Manager

A leading investment manager is looking for an Information Assurance Manager to join its Risk Management team. You will provide independent oversight of information security and manage the full lifecycle of controls from an information security perspective: identify risks, design controls, test controls and scrutinise evidence of the controls' effectiveness. Must have ISO experience and be very strong in Excel.

  • Information security policy set

- review of, and feedback on, Investments policies, standards and guidelines in order to provide information protection governance to the organisation

  • Information security control assessments and assurance

- ongoing assessment of the information risk/security controls to provide assurance of their adequacy

  • Information risk and security regulation and standards certification

- certification against ISO 27001

- compliance with data protection requirements (GDPR)

  • Information risk assessments

- contribute control-effectiveness ratings to the quarterly risk and control self-assessment (RCSA)

  • Internal audit

- provide responses to targeted questions posed by the internal audit team

  • Information security governance

- knowledge of "ISO/IEC 27001:2013 Information security management systems – Requirements" and the NIST Cybersecurity Framework

- proven ability to author information security policies, standards and guidelines

- experience of legal and regulatory requirements (FCA, SEC, FINRA, GDPR etc.)

  • Information risk governance and assessment

- experience with a risk and control self-assessment (RCSA) process

- knowledge of risk management frameworks, such as those published by ISACA (Risk IT, COBIT) or NIST (the Risk Management Framework)

  • Knowledge of governance, risk and compliance (GRC) tools and services (RSA Archer, MetricStream, BWise)
  • Experience with technical security controls
  • Certified Information Systems Security Professional (CISSP), plus any of the following:
    • Information Systems Security Management Professional (CISSP-ISSMP)
    • Certified Information Security Manager (CISM)
    • Certified in Risk and Information Systems Control (CRISC)
    • or equivalent