Head of IT Security Risk & Governance - Contract

Posted 19 May 2021
Salary £650 - £750 per day + Inside IR35
Location London
Job type Contract
Reference BBBH117512_1621436264
Contact Name Lucy Judge

Job description

My client, a leading financial organisation, is currently looking for a Head of IT Security, Risk & Compliance for an immediate start on a 6-month contract.

The role will allow remote working; however, there will be a need to be at their HQ 1-2 days per week.

The Head of IT Security, Risk & Compliance is responsible for ensuring the organisation is secure from information security threats, managing risk across the department and ensuring the IT processes (policies and procedures) meet legal, regulatory and contractual requirements.

This role requires effective co-ordination of risk across IT and liaison with the Group Business Assurance & Group Change functions to ensure the close management of inter-dependencies, management of 3rd party providers and proactive management of risks & issues that may arise.

The Head of IT Security, Risk & Compliance is responsible for the overall integrity of security enforcing controls, risk remediation, compliance and security service improvement, defining the plan, agreeing budget and delivering the outcomes.

Essential Experience

Security Leadership in the Financial Service Sector preferred but not essential.

Experience in policy, process and procedure creation and maintenance

Expert in security strategy definition

Specialist knowledge of security legislation, frameworks and standards

Experience in risk management

Effective leadership, interpersonal and communication skills.

Demonstrable credibility to advise internal and external stakeholders.

Technical Experience

Deep technical expertise in applications, infrastructure, networks and public cloud, especially with respect to security

Security architecture of multi-channel financial enterprise and applications using TOGAF and SABSA.

Experience of Digital Business execution.

Experience of risk frameworks

Experience with Security Operation Centres, associated tools and techniques for threat analysis

Good understanding of Microsoft technologies and environments

Previous experience with Threat Modelling tools - desirable

Definition of security metrics and KPIs - desirable

Key Responsibilities

Security Strategy:

Drive continuous improvement by defining, operating and monitoring a system for information security management.

Operational Security Management:

Protect enterprise information as required by the business. Establish and maintain information security roles and access privileges and perform security monitoring to minimise the business impact of operational information security vulnerabilities and incidents.

Business Process Controls & Internal Audit:

Manage business process controls such as self-assessments and independent assurance reviews to ensure that information related to and used by business processes meets security and integrity requirements. Keep the impact and occurrence of information security incidents within the business' risk appetite levels.

Policy:

Create, maintain and monitor an Information Security Management System of policies, processes and procedures consistent with our growth and the ever-changing threat landscape. Establish governance of operations in accordance with appropriate security and regulatory standards, acts, control frameworks and laws.

External Compliance:

Ensure that (and evidence through metrics) IT processes and IT supported business procedures are compliant with policy and contractual requirements.

Risk Management:

Continually identify, assess, prioritise, mitigate and monitor IT-related risk within levels of tolerance set by the business.

Business Continuity:

Establish and maintain a plan of action to ensure that regular business will continue even during a disaster.

Disaster Recovery Planning:

Establish and maintain plans to enable the restoration of communications, hardware and IT assets so that business downtime is recovered within service-level agreements.

Security Awareness Training:

Ensure that the appropriate level of training is provided for all staff. Create monthly security bulletins educating staff on key security issues or concepts addressing shortfalls identified by security metrics.