We are working with an established and expanding Software as a Service (SaaS) business and are looking to recruit a Chief Information Security Officer.
This is a permanent, full-time role that can be based remotely; there are occasional meetings held in their offices in South Yorkshire and the North East.
The business has seen strong growth organically and via acquisition. We are therefore seeking a candidate who has experience working for a software business which has acquired businesses and integrated them into a group setup.
This is a group-wide role focused on the protection of our customer, business partner, employee and company data, infrastructure, and assets from malicious actors both external and internal. A key element of this is putting in place and monitoring the procedures and policies required to provide this protection.
Key Duties:
• Develop, implement, and monitor effective and reasonable policies and practices to secure information assets and ensure Information Security and compliance with relevant legislation and legal interpretation.
• Develop, implement, and monitor a strategic, comprehensive enterprise Information Security and IT risk management program across the whole group.
• Work directly with the business units and CTO Team to facilitate risk assessment and risk management processes.
• Develop and implement group-wide adoption of ISO 27001 and Cyber Essentials Plus.
• Ensure group-wide compliance with PCI, GDPR, NHS DSP Toolkit and other relevant Information Security regulations.
• Partner with business stakeholders across the company to raise awareness of risk management concerns.
• Work with the CTO Leadership team to ensure best practice from a security perspective in our development practices, for example driving secure coding practices, communicating the OWASP Top 10, etc.
• Stay abreast of Information Security issues and regulatory changes affecting healthcare.
• Monitor all security incidents and act as primary control point during significant Information Security incidents.
• Responsible for Information Security best practice across the group including coaching and mentoring IT and Engineering teams in the same.
• Engage in professional development to maintain continual growth in professional skills and knowledge essential to the position.
Essential Skills:
• Extensive knowledge / experience of IT security and compliance frameworks at all levels.
• Strong experience of SaaS / Cloud based solutions.
• Strong technical background covering IT, Infrastructure and Software Development with experience across a broad range of architectures, technologies and development practices.
• Strong team leadership skills, including motivation, performance management, cultural awareness, coaching and development.
• Extensive stakeholder management experience up to Board level.
The company will offer an extremely competitive salary with bonus and company benefits - this can be discussed upon application.
Interested candidates should apply now.