Information Security and Governance Manager
Posted 17 days 15 hours ago by Psychology Tools Limited
About Us
Psychology Tools is an online platform publishing evidence-based therapy resources for clinical professionals. We are a small team of passionate individuals, intent on creating best-in-class resources and making them available to our customers in innovative formats.
Role Overview
We are seeking to appoint an Information Security and Governance Manager to join our growing team to manage our ongoing information security management and HIPAA compliance requirements. You will be responsible for achieving ISO27001 certification and for the development of plans to improve our information security management system and policies, ensuring that staff are kept informed and trained to a high standard. Operating in the healthcare sector, we can hold sensitive data, so good practical experience and knowledge of security best practices is essential, ideally including a knowledge of HIPAA compliance.
Key Responsibilities
- To develop and maintain the information security policy and accompanying standards, procedures and guidance in order to gain and maintain ISO27001 certification
- To develop and deliver a programme of planned compliance reviews and regular risk assessments and to identify and mitigate security risks and address gaps
- Ensure secure implementation and maintenance of cloud-based solutions for secure storage of sensitive data
- To promote security awareness by developing and implementing a security awareness and training programme
- To investigate suspected and actual security incidents in accordance with the security incident management standard, produce reports with recommendations and ensure any remedial action is taken
- Produce regular reports for the Chief Operating Officer and Board as required
- Respond to enquiries from staff and provide security advice as required
- Work with internal stakeholders to develop relationships to help promote and improve information security and provide security advice on procurements, projects and new initiatives as required
- Work with external suppliers and auditors as required
- Maintain a good working knowledge of emerging security trends, risks, new guidance or standards (internal and external) and security enhancing technologies
Qualifications and experience
- Graduate in Cyber Security or Information Security; or
- Work experience at a level demonstrating ability to successfully implement or manage information security management systems and security risks, ideally in a HIPAA compliant setting
- A good working knowledge of ISO27001 and, ideally, HIPAA compliance and/or Cyber Essentials Plus
- Ability to influence on matters relating to security and information risk
- Good verbal and written communication skills and able to communicate effectively at all levels
- Ability to manage time and priorities appropriately
- Positive attitude towards learning and development demonstrated by a record of continuing development
The successful candidate will ideally also have experience with some or all of the following:
- An understanding of the Data Protection Act, the Freedom of Information Act and other related legislation, including standards and codes of practice
- One or more Information Security Certificates from the following list:
  - CISSP (Certified Information Systems Security Professional)
  - CISM (Certified Information Security Manager)
  - ISO27001 Lead Implementer or equivalent
  - CISA (Certified Information Systems Auditor)
What We Offer
- An opportunity to contribute to a growing, mission-driven organisation focused on mental health
- A collaborative, flexible and supportive work environment
- Competitive salary of £44,000 - £52,000 dependent upon qualifications and experience.
- Contributory pension scheme
- 25 days holiday
How to Apply
Please submit your CV and a cover letter detailing your relevant experience and interest in the role via the button below.
Psychology Tools is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.
Agencies: We are not able to accept applicants and unsolicited interest via recruitment agencies.