Manager at PwC contributing to digital transformation in Utilities through technology consulting and stakeholder management. Focused on creating strategies and providing technology solutions in a data - driven world.
About the role
- Lead Information Security Manager ensuring compliance for NQC's SaaS platform. Oversee audit processes and improve security frameworks for cloud migration efforts.
Responsibilities
- Act as the primary point of contact and project lead for ISO 27001 and TISAX recertification cycles.
- Conduct a comprehensive review of our existing systems, policies, and controls against necessary audit standards.
- Identify, analyse, and formulate treatment plans for information security risks.
- Identify vulnerabilities within the new cloud architecture and ensure the platform maintains security standards.
- Lead the external penetration testing requirements for our platforms.
- Draft, refine, and implement essential documentation, including the Statement of Applicability (SoA) and internal security policies.
- Work with our Development and Infrastructure teams to embed security controls into our SaaS workflow (e.g., access management, incident response, and change management).
- Perform a "pre-audit" to ensure all departments are compliant before the external body arrives.
- Brief senior staff on security best practices and their specific responsibilities under the ISMS.
- Any other ad-hoc duties as assigned.
Requirements
- Proven experience leading organisations to successful audit certification or recertification.
- Proven experience implementing ISO 27001 within cloud-native (AWS/Azure/GCP) environments.
- Proven experience leading organisations through pentesting workflows within cloud-native environments,
- Exceptional documentation skills with the ability to simplify complex compliance requirements for non-technical stakeholders.
- *Desirable*: ISO 27001 Lead Implementer or Lead Auditor; CISSP or CISM.
- **Key Competencies**
- Is consistently motivated, committed and able to perform duties in all situations.
- Communicates and receives ideas, views and information to achieve understanding.
- Champions NQC’s values and consistently acts in a principled, open and conscientious manner, challenging unacceptable behaviour.
- Plans and prioritises activities and resources to maximise performance and minimise errors.
- Thinks creatively and embraces opportunities for change.
- Works collaboratively with cross-functional teams and acts as a team player while supporting colleagues.
Benefits
- Hybrid working policy of 60% office-based
- Salary sacrifice scheme
- 25 days holiday (Increasing with service) + bank holidays
- Enhanced Maternity and Paternity Leave
- Health Cash Plan
- Learning & Development through Udemy platform
- 24/7 Access to a Virtual GP
- Life Assurance (4 x Salary after 6 months)
- YuLife: Employee discounts and wellbeing platform
- Regular company socials & events
Job title
Job type
Experience level
Salary
Not specified
Degree requirement
No Education Requirement
Tech skills
Location requirements
Research Associate conducting advanced research in iOS security within a leading institute for applied cybersecurity. Emphasis on secure application development and vulnerability analysis.
Cybersecurity Engineer focused on threat monitoring and incident response for Verizon's network security. Collaborating on security architecture and vulnerability management across multiple locations.
Senior Manager of Application Security leading initiatives to protect applications at Nordstrom through strategic leadership and AI - driven tooling. Collaborating with engineering to ensure secure software development practices.
Information Security Engineer responsible for deploying and supporting security tools across cloud and on - premise systems. Collaborating with IT to mitigate security risks in a hybrid work environment.
Casual Retail Security Officer for MSS Security ensuring safety at Tweed Mall in Tweed Heads. Responsible for patrols, incident response, and customer service.
Financial security advisor at Desjardins developing client relationships and selling life and health insurance products. Focusing on customer satisfaction and personalized financial solutions.
Principal Information Security Consultant at Westpac focusing on security protocols and employee benefits for staff. Hybrid role centrally located with opportunities for professional development and employee perks.
Engineer supporting secure development lifecycle processes for product lines in the energy sector. Collaborating with R&D on security requirements and compliance audits.
Automation Oversight Engineer providing oversight of compliance in automated device configurations for Comcast Business. Managing configuration checks and reporting, ensuring reliable oversight and improvement strategies.