Cambridge (preferably) / Nottingham
The Head of Information Security will be taking on the continual development and maintenance of security processes and controls within the business. The position entails planning and carrying out security controls that will protect Formpipe’s data from attack, unauthorised access, corruption, theft, or any other risk.
The business is currently ISO 27001 accredited within their UK Cambridge office. This accreditation will need to be maintained, reviewed and improved on a periodic basis and extended to other Formpipe offices in the UK and Europe.
The role requires you to have a broad knowledge of IT and business systems to enable the assessment of the risk to security and to have the ability to ensure the business is protected as new developments and threats emerge in the future.
The role also requires you to operate, maintain and improve the existing Quality Management Systems currently implemented within the Life Science division.
This is a challenging, exciting role which offers the opportunity for you to make a positive impression on a fast-moving and expanding business.
You will ideally be based in the UK Foxton office, located outside of Cambridge.
Duties and Responsibilities.
- To operate, maintain and improve the existing Information Security Management System within Formpipe, as used by Formpipe Private Sector staff who are based at Foxton, UK. This includes maintenance of the existing ISO27001 certification.
- To operate, maintain and improve the existing Quality Management System as used by the Life Science Team within Formpipe Private Sector who are based in Nottingham, UK.
- To assess the potential for, and benefits of, expanding the scope of the existing Security and Quality Management Systems on a wider basis across the whole Formpipe Private Sector organisation, and to plan and implement these changes accordingly.
- To ensure that Quality and Security Management Systems are aligned with applicable Policies and Procedures used in other parts of the Formpipe group, including global policies, and the ISMS used by Formpipe Public Sector, Sweden.
- Creating and maintaining a Risk Treatment Plan for identified risks and making sure tasks are assigned and carried out by the appropriate persons.
- Oversees information security awareness and education through training
- Liaises with other department managers for implementation of policies and procedures and feedback from their teams.
- Ensures security is maintained during Disaster Recovery operations.
- Arranges regular security testing for systems.
- Provides quarterly reports to the Senior Management team in relation to the performance of ISMS.
- Maintains and upgrades professional knowledge, skills and development by attending seminars and training programs and reading trade and professional journals and publications.
- Liaises with external assessors for annual audits for ISO27001 certification.
Knowledge and Experience.
- Excellent understanding of ISO27001 and the ability to implement policy according to legislation
- Established leadership skills
- Ability to communicate effectively at senior and board level to help others to understand the business risk
- Ability to assess the relevance of the Quality and Security Policies and Procedures as applicable to specific parts of the organisation
- Ability to undertake security auditing
- Knowledge of Microsoft Office cloud infrastructure (Office 365 and/or Azure).
- Experience in working in a similar role.
- Ability to communicate effectively at all levels
- Ability to analyse problems and provide effective solutions
- Ability to conduct business in a professional and confident manner.
- Excellent ICT skills.
- Ability to plan and effectively prioritise own workload.
- Excellent interpersonal skills.
- Ability to work independently and to meet deadlines, as well as work as part of a team.
- A “can-do” attitude to get the job in hand completed.
- Structured and methodical approach to all areas of work.
- A self-starter who is confident and comfortable working as part of a distributed team with colleagues in different locations and time zones.
- Self-motivated, can work confidently without constant supervision.
- Security related certification CISSP or CISM
- Knowledge of specific software products and services
- Knowledge of different customer sectors, e.g. Banking / Life Sciences
Formpipe has its head office in Stockholm and is listed on the OMX Stockholm stock exchange. We employ over 260 people and have offices in Sweden, Denmark, UK, US and Germany. As a Microsoft Gold Partner and member of Microsoft’s Technology Adoption Program (TAP), Formpipe solutions are sold and supported through a certified network of global partners.
Formpipe has three business areas: Swedish Public Sector, Danish Public Sector and Private Sector. Each business area caters for local requirements with development, support, delivery, account management and commercial management at service for customers. This role is to join the Private Sector team, which is focussed on delivering software products and services through a global partner network. This includes Lasernet, which has unrivalled integration with Microsoft Dynamics 365, NAV, SAP and Infor along with other ERP solutions and delivers business documents in almost any format imaginable.
We are a decentralised organisation in which our team members enjoy a large amount of autonomy. We believe this approach nurtures a culture with a personal touch and characterizes us as a people-to-people company. Our core values are our internal as well as external contract. They guide us and drive us forward.