Information Security Manager - Siemens Managed Services
SIEMENS | Nottingham | Update time: March 11, 2022
Job Description
Siemens Managed Services are looking for an Information Security Manager to join our MAS IT department. As part of the IT Management Team, you will be responsible for co-ordinating and managing the delivery of all Operational services, including services provided by 3rd parties and cloud provider to committed Service Level Agreements (SLAs).

In this role, you will be working within the Information Assurance function to implement, develop and maintain the confidentiality, integrity, and availability of the organisation's key information assets. The function defines the strategy for Information Security and Risk Management. It is responsible for agreeing and communicating that strategy, and subsequently ensuring that a consistent, transparent adoption of policies and standards is achieved through regular monitoring.

Siemens recognise that building a diverse workforce is critical to the success of our business. We strongly encourage applications from a diverse talent pool and welcome the opportunity to discuss flexibility requirements and workplace adjustments with all our applicants. See our flexibility culture here. Whilst we have a fantastic flexible policy, there will be a need to be in our Nottingham office on a regular basis.

What part will you play?

- Lead, manage and maintain Information Security Management processes and activities for Siemens OS.
- Establish a governance framework for building organisational resilience and identifying potential threats & impacts to the organisation through on-going development of the Information Security Management System (ISMS).
- Maintains the governance frameworks (in line with industry standards e.g., ISO 27001, PCI-DSS etc.) and ensures compliance with those standards through internal review and external certification processes, ensuring that the policies are kept up to date, are implemented globally, and drives awareness of these subjects in all staff.
- Maintains close relationships with Corporate Information Security, including the Risk Management and Audit functions, ensuring compliance with global information security policies and best practice as defined by Siemens GS InfoSec.
- Supporting the Business Continuity Manager to maintain the Business Continuity Management System (BCMS).
- Develop strategy, procedures, and awareness to ensure compliance to OS Data Protection obligations.

What will you bring to the role?

- Ensure integration with Corporate Business Continuity and Risk Management mandates.
- Manage and ensure effective compliance with additional regulatory requirements such as PCI-DSS and specific industry requirements as defined by Elexon, Ofgem, Ofwat, DECC, HMG IA etc.
- Represent the organisation to Customers, Suppliers, Siemens PLC, and industry bodies on matters relating to Information Security and Data Protection.
- Apply a PDCA approach to on-going review and improvement of the ISMS. Includes development and action of an Internal Audit programme, production of SMT level 'SWOT Analysis' reporting, monthly Executive Sponsor programme reviews, monitoring of monthly KPIs, facilitation of external BSI ISO27001 audits, and input into external OS audits (Elexon).
- Develop and implement awareness and training for OS employees in relation to Information Security and Data Protection. Includes facilitating and issuing relevant training and developing subject matter communications to ensure employees are familiar with their roles and responsibilities with regards to these topics.
- Embed Information Security and Data Protection within the PM/PLM processes. Includes addition of functional/non-functional requirements and input to applicable PM documentation (i.e., PIA, Risk Assessments).
- Work in conjunction with the OS Business Continuity Manager to maintain the Business Continuity Management System (BCMS).
- Maintain ISO22301 certification on behalf of the organisation.
We are looking for super minds, not superheroes

We are looking for a future thinking Security Manager with an expert understanding of Information Security and Data Protection standards and methodologies. A professional qualification in Information Security and Data Protection such as BCI membership, CISM is a must, as is knowledge of the Data Protection Act (1998) and its application within a corporate environment. You will be a coach and mentor and help continue the evolution of our security team and business.

We’ve got quite a lot to offer. How about you?

Smart infrastructure enables the way we want to live - happily, comfortably, sustainably and in harmony. We do this from physical products, components, and systems to connected, cloud-based digital offerings and service. From intelligent grid control and electrification to smart storage solutions, from building automation and control systems to switches, valves, and sensors.

It’s incredibly important that our people enjoy working here and therefore we take great pride in having a friendly, helpful, and engaging culture. We also appreciate that development and training is important to many and that’s why we have an encouraging environment which invests in our employees’ development, whether that’s Chartership, training or mentoring.

If we all thought the same, we would never think of anything new. That’s why we recruit great minds from all backgrounds. Siemens encourage applications from a diverse talent pool. We have partnered with VERCIDA, the UK's largest diversity and inclusion focused careers site where all our vacancies are available in an accessible format.

We welcome the opportunity to discuss flexible working requirements with you. And if you require any reasonable adjustments to be made to enable you to participate in the recruitment process, please let us know via our FAQ section here: https://new.siemens.com/uk/en/company/jobs/faq.html
Organization: Smart Infrastructure
Company: Siemens plc
Experience Level: not defined
Job Type: Full-time
