Job Role: Head of Information Security
Reporting to: Group Chief Risk Officer
Department: Group Risk
Job Purpose
The Head of Information Security is a senior-level executive responsible for developing and implementing an information security program, which includes procedures and policies designed to protect enterprise communications, systems and assets from both internal and external threats. In addition to responding to data breaches and other security incidents, the Head of Info Sec is tasked with anticipating, assessing and actively managing new and emerging threats. The Head of Info Sec must work with other executives across different departments to align security initiatives with broader business objectives and mitigate the risks various security threats pose to the organization’s mission and goals. This position will collaborate with individuals from all Business Services departments (IT, Ops, HR, Marketing, etc.) and Client-facing practice groups to develop, implement, maintain and execute Cyber Security plans that meet the strategic, tactical and operational needs of the Group.
Responsibilities:
Develop, implement and monitor a strategic, comprehensive enterprise information security and IT risk management program
Work directly with the business units to facilitate risk assessment and risk management processes
Develop and enhance an information security management framework
Understand and interact with related disciplines through committees to ensure the consistent application of policies and standards across all technology projects, systems and services
Become a trusted business advisor to the senior management and Board
Provide leadership to the enterprise’s information security organization
Partner with business stakeholders across the company to raise awareness of risk management concerns
Assist with the overall business technology planning, providing a current knowledge and future vision of technology and systems
Develop an in-depth understanding of the business processes, facilities, equipment, IT networks/environment, regulatory requirements and interdependencies.
Update the Crisis Management Team (CMT) during a crisis and serve as the Crisis Management Team Leader.
Review incidents arising, collate all the different types of incidents, and follow any trend analysis
Experience / Skills Required
Minimum 20 years of experience working in a financial institution with adequate and clear focus on Information Security and Risk Management.
Bachelor or Master’s Degree qualified (or equivalent) in business management, risk management,
Certifications in Risk Management / CISM / CRISC / CISSP will be an added advantage
Good understanding of Operational Risk Tools like RCSA / KRI / Loss Data Management
Experience of working in a complex IT environment
Significant and extensive experience in Information Security, business resilience and continuity, theory and practice
Excellent ability to manage stakeholders, driving action and challenging inaction
Strong partnership abilities; skilled in influencing and motivating others, especially senior leaders
Strong project management, problem-solving and decision-making skills
Excellent verbal and written communication skills including presentation development and delivery
Proven ability to design and deliver well thought through, relevant and challenging exercise scenarios to all levels of security teams
Ability to work independently and think critically
A strong service focus with the need to listen and comprehend the essential requirements of different areas of the Group
Ability to build connections and work collaboratively across boundaries at all levels
Job Types: Full-time, Permanent
Salary: £110,000.00-£130,000.00 per year
Benefits:
- Cycle to work scheme
- Flexible schedule
- Private medical insurance
- Sick pay
- Work from home