My client, a leading financial organisation, is currently looking for a Head of IT Security, Risk & Compliance for an immediate start and a 6-month contract.
The role will allow remote working; however, there will be a need to be at their HQ for 1-2 days per week.
The Head of IT Security, Risk & Compliance is responsible for ensuring the organisation is secure from information security threats, managing risk across the department and ensuring the IT processes (policies and procedures) meet legal, regulatory and contractual requirements.
This role requires effective co-ordination of risk across IT and liaison with the Group Business Assurance & Group Change functions to ensure the close management of inter-dependencies, management of 3rd party providers and proactive management of risks & issues that may arise.
The Head of IT Security, Risk & Compliance is responsible for the overall integrity of security enforcing controls, risk remediation, compliance and security service improvement, defining the plan, agreeing budget and delivering the outcomes.
Security Leadership in the Financial Service Sector preferred but not essential.
Experience in policy, process and procedure creation and maintenance
Expert in security strategy definition
Specialist knowledge of security legislation, frameworks and standards
Experience in risk management
Effective leadership, interpersonal and communication skills.
Demonstrable credibility to advise internal and external stakeholders.
Deep technical expertise in applications, infrastructure, networks and public cloud, especially with respect to security
Security architecture of multi-channel financial enterprise and applications using TOGAF and SABSA.
Experience of Digital Business execution.
Experience of risk frameworks
Experience with Security Operations Centres and the associated tools and techniques for threat analysis
Good understanding of Microsoft technologies and environments
Previous experience with Threat Modelling tools - desirable
Definition of security metrics and KPIs - desirable
Drive continuous improvement by defining, operating and monitoring a system for information security management.
Operational Security Management:
Protect enterprise information as required by the business. Establish and maintain information security roles and access privileges and perform security monitoring to minimise the business impact of operational information security vulnerabilities and incidents.
Business Process Controls & Internal Audit:
Manage business process controls such as self-assessments and independent assurance reviews to ensure that information related to and used by business processes meets security and integrity requirements. Keep the impact and occurrence of information security incidents within the business' risk appetite levels.
Create, maintain and monitor an Information Security Management System of policies, processes and procedures consistent with our growth and the ever-changing threat. Establish Governance of operations in accordance with appropriate security and regulatory standards, acts, control frameworks and laws.
Ensure that (and evidence through metrics) IT processes and IT supported business procedures are compliant with policy and contractual requirements.
Continually identify, assess, prioritise, mitigate and monitor IT-related risk within levels of tolerance set by the business.
Establish and maintain a plan of action to ensure that regular business will continue even during a disaster.
Disaster Recovery Planning:
Establish and maintain plans to enable the restoration of communications, hardware and IT assets and to recover from business downtime within service-level agreements.
Security Awareness Training:
Ensure that the appropriate level of training is provided for all staff. Create monthly security bulletins educating staff on key security issues or concepts addressing shortfalls identified by security metrics.