A global Investment Management firm is looking to add an outstanding Senior Information Security Officer to their successful team based in the City of London.
As the organisation's Info/Cyber Security SME you will be responsible for enhancing and developing the security stance of the firm globally. You will be supporting the business in ensuring that the Info/Cyber Security tools and processes are fit for purpose and tailored to any impending regulatory or external changes.
Duties & Responsibilities:
- Be responsible for managing the development and on-going implementation of the Information/Cyber Security strategy and objectives.
- Build and implement an ISMS.
- Enhance and develop existing policy and frameworks
- Have ownership and day-to-day management responsibility for all Cyber Security systems, applications, policies and processes.
- Ensure staff education, awareness and training on cyber security risks and preventative actions are regularly delivered via multiple channels and a robust cyber security communication plan.
- Perform security risk assessments, providing guidance on the implementation of all projects with information security implications across the company.
- Implement and maintain KPIs and metrics to allow the monitoring of compliance with security policies and procedures against industry standard/best practice.
- Network and partner with other organisations to improve knowledge and approach.
- Carry out full security audits (internal and external with relevant suppliers) and ensure compliance and best practice are adhered to.
- Act as a key stakeholder in the identification of cyber security risk and the design and introduction of appropriate controls and mitigation.
- Implement and improve procedures and processes to optimise information security effectiveness. The role will also include the management of cyber security incidents from second-line investigation through to resolution.
- Ensure compliance with ISO27001, PCI DSS v3.2.1, GDPR, and other required FCA and broader global financial services compliance requirements
- Supporting the implementation of security culture and embedding of security controls into business change and processes
- Managing security for the allocated business units and teams to ensure programs are delivered and business operations are reviewed to identify high risk processes
- Being the interface between the business team and the broader technology teams, internal and external
- Assisting International level teams and capabilities to understand the business operations to enable security services to be optimised for all areas
- Driving security awareness and education throughout the business units. Win hearts and minds and maintain a security culture
- Proactively coordinating Cyber risk resolution
- Supporting Security Solution engagement in Change Programs
- Promote and champion best practices for Cyber Security, Risk Management, ITIL and service delivery
Experience and Qualifications Required
- 10 yrs minimum Cyber Security experience
- Broad IT security management knowledge, skills and experience
- Microsoft Windows Servers, Azure, O365 Security and Compliance
- Data Leakage prevention experience
- Forensic Investigations and Risk Management experience
- Amazon Web Services (EC2, S3 & WAF) experience
- Proven ability to build relationships with senior business and security stakeholders.
- Excellent communication skills that can transcend technical and non-technical audiences
- Experience with implementing or managing risk management processes and tools
- The ability to work in a constantly changing and fast-paced environment. Strong team ethic combined with a determined approach to ensure completion of work
- Relevant degree and professional security qualifications (alongside CISSP) such as CISA or CISM preferred or willingness to study for professional security qualification
- Change management and information security risk & governance experience
- Experience of compiling information for the purposes of internal and external audits/regulatory commitments
- Relevant cyber and security experience in the financial services industry with a clear understanding of the relationship between risk and commercial requirements
Please send through an application if this sounds like a suitable role; one of our team will be in touch with the suitable individuals in due course.
To apply for this job please visit www.cybersecurityjobsite.com.