Group Information Security Manager

Job Description

Mott MacDonald

Position location: Newcastle, United Kingdom
Recruiter contact: Laura Kennedy

We’re a global engineering, management, and development consultancy.
Our purpose is to improve society by considering social outcomes in everything we do, relentlessly focusing on excellence and digital innovation, transforming our clients’ businesses, our communities and employee opportunities.

A fundamental part of this is respecting each person’s differences and striving to meet their needs.

Our values: Progress, Respect, Integrity, Drive, Excellence.

About the business unit

Mott MacDonald’s support services are the driving force behind our organisation enabling us to run efficiently and effectively. The team works collaboratively to offer specialist advice, best practice and technology to all areas of our business specifically designed for our global reach.

Overview of role

Reporting to the Group Head of IT and Security the Group Information Security Manager is accountable for the following:

• Developing and implementing an information security strategy and framework that aligns with Mott MacDonald’s objectives and risk appetite, while addressing emerging threats and vulnerabilities.
• Unifying distributed teams into a cohesive information security group, ensuring group and regional alignment with common principles, systems, and processes.
• Lead efforts to raise awareness of information security across the Group and Regions through training and awareness programs.
• Building metrics and performance indicators to measure the success of the information security posture and quantifying key risk areas.
• Actively participating as a member of the IT Leadership team to ensure that information security and technology continue to promote secure behaviours within the business.

In addition, responsible for maintaining a collaborative culture and leading an environment to improve the health, wellbeing, and engagement of the IT and Security functions employees through visible leadership and effective people management.

Key duties and responsibilities include

• Develop and implement the Group information security programme, ensuring alignment with Regional information security programs to build security capabilities, including people, processes, and technologies, to protect information assets.
• Develop and maintain an Information Security Management System that defines the requirements and controls for the Group.
• Collaborate with stakeholders, including business leadership, IT, legal, and client delivery teams, to ensure compliance with relevant regulations, industry standards, and Group requirements.
• Develop and maintain an effective information security incident response plan, coordinating response efforts in the event of a data breach.
• Implement a measurable security awareness and training program that raises awareness of security requirements and the threats they mitigate and develop training on information security best practices.
• Lead and mentor a team of information security professionals, fostering a culture of continuous learning and professional growth.
• Provide regular reports to the executive board and management teams on the organisation’s security posture, risks, and ongoing information security programme.
• Communicate technical controls and behavioural information security requirements effectively, along with their underlying rationale and benefits.
• Develop Group and Regional information security metrics, including Key Risk Indicators and reporting frameworks.
• Conduct ISO27001 audits and evaluate the alignment of security controls as defined in the Information Security Management System (ISMS).
• Oversee threat intelligence and risk management activities to promptly identify and mitigate potential security risks.
• Provide assurance and oversee audit activities to ensure compliance with the Information Security Management System requirements for the Group and within the Regions.

Candidate Specification

Essential

• Proven experience in information security management, with a track record of developing and implementing successful information security strategies in a large, complex global organisation.
• Strong understanding of information security principles, technologies, and best practices, including risk assessment, vulnerability management, and incident response.
• Excellent communication and interpersonal skills, with the ability to effectively engage with stakeholders at all levels and promote security awareness across the organisation.
• Demonstrated ability to lead and develop high-performing teams.
• Experience of ISO27001 and knowledge of other common information security management frameworks such as NIST.

Desirable

• Relevant certifications, such as CISSP, CISM, or CISA.
• A recognised relevant professional qualification.
• Experience of working in a complex matrix environment.
• Experience of managing an Information Security function.

Personal Attributes

• Collaborates effectively within a team and communicates with confidence, while recognising personal areas for improvement.
• Encourages creative thinking and proactively seeks innovative methods to enhance the function.
• Possesses strong interpersonal and persuasive abilities, capable of fostering collaborative partnerships and managing diverse stakeholders with unique needs and challenges.
• Adept at building trust and confidence, establishing credibility through consistent delivery on commitments.
• Exhibits a natural talent for mentoring others, promoting best practices, and possesses a strategic vision with the resilience to adapt to changing requirements.

Equality, diversity, and inclusion

We put equality, diversity, and inclusion at the heart of our business, seeking to promote fair employment procedures and practices to ensure equal opportunities for all. We encourage individual expression in our workplace and are committed to creating an inclusive environment where everyone feels they can contribute.

Accessibility

We want you to perform your best at every stage in the recruitment process. If you are disabled or need any support to enable you to apply or attend an interview, please contact us at reasonable.adjustments@mottmac.com and we will talk to you about how we can support you.

Agile working

Happy to talk Flexible Working and how we can support your responsibilities beyond the workplace.

We offer some fantastic benefits including:

• Pension matched up to 7%
• Life insurance
• An annual professional institution subscription
• Continuous development opportunities – because we want you to thrive
• Agile/flexible working – because life isn’t 9-5
• Enhanced parental leave; shared parental leave policies – for parents and care givers
• Annual bonus scheme
• Flexible benefits that suit you, including ability to buy/sell annual leave entitlement, cycle to work & interest free season ticket loans
• Wellbeing support including access to an independent Employer Assistance Scheme, wellbeing champions and access to learning and support resources
• Access to our Advanced Employee Networks which support our LGBTQ+, gender, race and ethnicity, disability and parents/carers communities
• The opportunity to make a difference; learn more about our social outcomes

Apply now, or for more information about our application process, click here.