Our client is an expanding and well-respected financial services organisation who are looking to strengthen their IT team by recruiting an Information Security Officer. You will provide subject matter expert (SME) support, guidance and oversight to ensure that robust, appropriate and effective information and cyber security systems, procedures and controls are in place and maintained company-wide.
You will be required to play a key role in developing methodology, completing assurance exercises, monitoring and recording compliance with policies, as well as recording and authorising any exceptions and waivers. In addition, you will build and maintain strong relationships with stakeholders, mentoring and guiding colleagues to raise awareness of Information Security and Cyber Security.
Summary of areas of responsibility:
· Develop, implement and maintain information security policies
· Provide second-line oversight and challenge on information and cyber security matters
· Assist with the overall governance, assurance and compliance of the information security policy
· Conduct information security thematic reviews and risk assessments, making recommendations where necessary
· Manage and drive the information security incident process, including investigating or working with relevant teams to deal with the incidents, identify the root cause and amend policies when required
· Create and manage the information security risk register
· Co-ordinate the execution of IT Business Continuity testing, plan maintenance and playbook updates
· Manage the technical relationships within IT (delivery, infrastructure) and business change
Key Skills and experience:
· Ability to write and implement policy and procedures on a risk-assessed basis
· Good analytical skills and proven ability to demonstrate discretion and confidentiality
· Preferably educated to degree level (or equivalent) in either a technical or business subject
· Background in Information Security with significant experience in an Information Security role (automatically achieved by the CISSP qualification)
· Experience of working in a regulated environment, ideally Financial Services
· Excellent risk and governance knowledge
Desirable (but not essential to have all) technical skills:
· CISSP – Certified Information Systems Security Professional, Systems Security Certified Practitioner qualification or other security management qualification
· CRISC/CGEIT or other related risk/governance qualification
· Understanding of PCI-DSS
· Substantial knowledge of asset security, communication and network security, access management, security testing and operations and secure software development
· Detailed understanding of Information Security Standards e.g. ISO27001/Cyber Essentials/CIS20/FFIEC/NIST