Information Systems Security Manager

Barcelona / UK / Portugal 

About IWG 

We’re changing the world of work. We believe that business success is underpinned by the effectiveness of its people. So, we made it our mission to help millions of people have a great day at work – every day. With locations in practically every country, city, town and transport hub, and options ranging from an hour’s coworking to multi-year office space leases, we enable people and businesses to work where, when and how they want.

Technology in IWG

We’re focused on delivering seamless digital propositions which allow customers to instantly manage their requirements and position IWG as the “Digital First” workspace provider. As early adopters of the latest technologies - whether it be Artificial Intelligence, Office IoT, Data or Cloud Solutions - we create business value and are constantly striving to find new and improved ways to help our customers. Which is why we’re always on the look-out for intelligent, energetic, self-motivated, and curious individuals. We want to bring about a global workspace revolution and want you to help 

Join us at www.iwgplc.com 

Role and Responsibilities 

This is a high-profile role within our organisation and covers several key areas.  The successful candidate will have responsibility for the areas of Information Security management which also includes IT governance, IT risk management, incident management, and security hardening of all our environments from data centres, the Microsoft M365 platform and securing our business centre networks worldwide.

Broadly these areas will comprise of the following responsibilities (along with many others):

Governance & Management

All governance relating to Information Security and its relationship to the successful running of the business and the minimisation of the operational impact of cybersecurity issues.  These will include, amongst others the responsibility for:

• Implementation of an information security program in line with industry best practices (ISO 27000)
• Worldwide Laws, regulations, policies, ethics and principles as they relate to information security, cybersecurity and privacy.
• Adherence to industry standard methods on assessment, detection etc (e.g. NIST)
• Supply chain risk, procurement requirements, payment issues, enterprise information technology goals, applicable laws and statutes, classification for information compromise
• Creating policies, KPIs, & evaluating trustworthiness of products and suppliers.

Risk Management

This area is responsible for the framework requirements, and includes knowledge of the laws, regulations, privacy principles relating to risk as well as the processes to assess and mitigate, look at the organisational IT risk tolerance, back up and disaster recovery.

Incident Management

They will be responsible for the enterprise incident response program including handling methodologies and knowledge of cyber threats and vulnerabilities, and the coordination of multiple departments within the organisation to ensure cyber incidents are well managed and responded to.

Systems Engineering

The applicant will show skill in determining how IT systems should be built, how they should work and how changes in conditions, operations, or the environment will affect the information security and privacy outcomes.  This includes:

• Measures of system performance, system and application security threats, server and client operating systems, engineering theories, system software and organisational design, life cycle management principles and controls relating to the use, processing, storage, and transmission of data.

Networking

Understanding what constitutes a network attack and its threats, including intrusion deletion.

• Responsibility for network security architecture and computer networking concepts; penetration testing principles, tools and techniques; control mechanisms; all areas of network traffic analysis and flows and network protocols, including network systems management principles, models and methods.

Skills / Qualifications / Experience

Candidates will have at least 5 years’ experience in the field.  Certifications held should include those covering:

• information security governance (ISO 27000 or equivalent)
• information risk management, information, security program development and management
• communications and network security
• identity and access management (IAM)
• security assessment and testing, security operations
• software development security & SAST / DAST tools
• information security incident management (SIEM)
• information security core concepts