Back to Job Search

Internal Assurance Manager

  • Location London
  • Job type Permanent
  • Reference BBBH124751


Internal Assurance Manager
Legal, Risk and Compliance · London, England, United Kingdom · Full-time



Description


Role Purpose
The primary purpose of the role is to carry out internal technology assurance assessments, in line with the requirements of ISO27001 and other standards.
Tasks and Responsibilities

  • Ability to lead information assurance related assessments independently such as ISO27001, Cyber Essentials or other external/internal certification standards.
  • Able to work collaboratively with teams from other disciplines within the global organisation and with the suppliers and clients.
  • Able to manage concurrent complex activities to short timescales.
  • Able to work under pressure to deliver good quality assessment reports.
  • Perform on-site and/or remote security assessment of systems and processes across business units that transmit, process or store sensitive data.
  • Work with existing and/or certify new projects or products to conform information security measures in place.
  • Own the back-office functions and activities including assurance scheduling, reporting and remediation management.
  • Assist the team in a continuous improvement regime.
  • Go-to resource for internal assurance whilst working as part of a global team to provide supplier data security advice and guidance.
  • Be prepared to occasionally travel for assessments (includes UK & international) - less than 10%.


Requirements

  • Experience of conducting information security assessments, deep dive multi-day assessments or audits.
  • Ability to produce high quality audit or assessment reports.
  • Good knowledge of all domains within security e.g. cloud, security management, service management, BCM, physical, GDPR/data protection.
  • Good communication and influencing and negotiation skills.
  • Experience in similar role for a complex global organisation (consultancy, insurance or financial services sector preferred but not essential).
  • Ability to explain technical complex concepts to non-technical stakeholders and suppliers.
  • A recognised security certification such as ISO/IEC 27001 Lead Auditor, CISA, CISM, or equivalent experience.
  • Academic qualification (e.g., degree), or equivalent experience.