Information Security & Assurance Manager

LSL are one of the largest providers of services to mortgage intermediaries and franchised estate agencies and provide valuation services to many of the UK’s largest mortgage lenders.

We are currenty looking for an expereined Information Security & Assurance Manager to join our Franchising division in Newcastle upon Tyne and contribute to ensuring the security and privacy of our franchise operations.

As the Information Security Risk and Assurance Manager, you will serve as an independent control function overseeing risk and monitoring the first-line-of-defence control framework within the Franchising Division. Your role involves providing challenge on the effectiveness of controls, advising IT departments’ business leads, participating in multiple Risk and Information Security Steering Groups, and supporting the delivery of an effective information security and governance framework.

Main Accountabilities & Key Objectives:

• Support the development, production, and management of an Information Security and Data Protection Risk framework.
• Increase awareness of Information Security and Data Privacy throughout the business, assisting in achieving compliance targets.
• Provide targeted assurance reviews to assess the suitability of the control framework within the first-line-of-defence.
• Aid in the creation, distribution, and compliance of business Information Security and Data Privacy policies.

Key Responsibilities:

Key Stakeholder Engagement:

• Provide practical support and guidance on integrating risk management, security, and privacy into digital software, products, and services.
• Assist in managing information security-related incidents.
• Offer guidance on procurement qualification reviews.
• Support compliance with security standards such as PCI DSS / Cyber Essentials.

Risk & Governance:

• Ensure effective maintenance of Information Security and Data Privacy Risks.
• Stay informed about legislation, regulations, emerging threats, and best practices.
• Develop and maintain Information Security Risk Registers.
• Support governance frameworks aligned with industry standards and legal obligations.

Assurance:

• Coordinate and manage scheduled external audits and Internal Audit activities.
• Assist in due diligence activities for third-party suppliers.

Data Analysis and Reporting:

• Provide advice to identify trends and prevent security incidents and data breaches.
• Complete monthly reporting requirements directed by the Chief Risk & Compliance Officer.

Knowledge and Expertise:

• Familiarity with security policies, standards, and risk frameworks.
• Awareness of industry best practices.
• Experience in assurance and relationship management.
• Commercial acumen and report writing skills.
• Analytical, decision-making, and problem-solving skills.

Experience, Qualifications, and Requirements:

• Certification in CISA, ISO 27001, CISSP, CCSP, CSTAR, CISM, or PCI DSS (Desirable).
• Understanding of PCI DSS, Cyber Essentials, and the Data Protection Act.
• Knowledge of Dev Ops and Dev Sec Ops.
• Leadership skills and experience influencing senior management.
• Experience assessing third-party infrastructure.
• Excellent communication and influencing skills at all levels.
• Awareness of relevant legislation and regulations.

In return we can offer you:

• Hybrid working with a office/home working model.
• Free on-site office parking.
• A competitive benefits package with the option to purchase enhanced and additional benefits to suit you.
• An opportunity to build on and develop a long-lasting rewarding career.
• A collaborative team working culture.

LSL is an equal opportunity employer, and we value diversity at our company. We do not discriminate on your background or needs, if you require any adjustments to make the recruitment process easier, please let us know.