Job Responsibilities
- Acting as a deputy for the Head of Information Security.
- In conjunction with the Head of Information Security, develop and implement information security policies, standards and documentation, ensuring compliance with all applicable legal or regulatory legislation.
- Manage and facilitate governance meetings.
- Manage cross-functional initiatives to deliver on risk goals, policies and procedures.
- Experience delivering presentations and engaging with senior leadership.
- Manage the Technology risk strategies that maintain the status of industry compliance across enterprise applications, MSPs and Cloud services that store, process and transmit firm data.
- Research and evaluate emerging security threats and ways in which to manage and mitigate them.
- Providing SME guidance to Information Security related audits and reviews.
- Manage audit findings (internal, external and client driven) to ensure that business departments understand issues and that remediations effectively mitigate information security risks.
- Manage the cyber incident management process and develop appropriate document repositories, policy documents, operational schedules and processes.
- Drive and manage processes for reporting KPIs and other metrics in relation to risk, threats, vulnerabilities, compliance and performance.
- Manage post-incident investigations and provide advice to address issues and/or amend procedures to enhance the Firm's information security protection.
- Manage all security certifications to ensure compliance with applicable standards and regulations.
Skills Required
- Have an experienced level of information security risk management knowledge.
- Design, operation, and governance of industry-standard security control frameworks.
- Experience managing and collaborating cross-functionally to identify and implement best practice risk processes.
- Experience growing and motivating a team; coaching members through career milestones and progression.
- Knowledgeable in technical and governance disciplines of information security, risk, audit and compliance.
- Knowledge of Azure, encryption key management and cloud-based services such as M365 is essential.
- Experience of operating in a similar role within the framework of, and adhering to the requirements of, ISO27001 and Cyber Essentials Plus or similar standards.
This role offers hybrid working - 2 days WFH/3 days office based.