Job Responsibilities
- Develop and implement information security policies, standards and documentation in collaboration with the Technology Leadership Team, ensuring compliance with all applicable legal or regulatory legislations.
- Manage cross-functional initiatives to deliver on risk goals, policies and procedures.
- Establish and maintain the relationship with our security vendors, including SoC, SiEM and MDR services
- In conjunction with our third-party vendor to research and evaluate emerging security threats and identify and implement appropriate mitigation strategies.
- Manage audit findings (internal, external and client driven) to ensure that business departments understand issues and that remediations effectively mitigate information security risks.
- Manage the cyber incident management process and develop appropriate document repositories, policy documents, operational schedules and processes.
- Drive and support an exceptions and waivers process ensuring exceptions are appropriately reviewed and action taken where relevant.
- Promote the firm's security policy, to ensure appropriate measures are taken to secure the firm's information and minimise security incidents.
- Experience in growing and motivating a team; coaching members through career milestones and progression
Skills Required
- Demonstrate a strong technical background in information security and security platforms
- Apply industry-standard security control frameworks to design, operate, and govern information security systems and processes
- Lead teams and display gravitas when managing key initiatives
- Knowledge of Azure, encryption key management and cloud-based services such as M365 is essential.
- Experience of operating in a similar role within the framework of and adhering to requirements of ISO27001 and Cyber Essentials Plus or similar standards.
- Experience in related supplier management, with vendors and resellers.
This is a hybrid role, offering 2 days WFH/3 days office based.