Information Security Lead

A national FinTech that prioritises protecting its people is searching for an Information Security Lead to provide oversight and assurance of all cyber security strategies, policies and standards. This business is now using multiple external service providers in a Business Process Outsourcing arrangement. The business's digital presence will expand, which means cyber defence needs to be a top priority.

As an Information Security Lead, you will support the Information Security manager by:

• Conducting assurance activities.
• Serving as the primary contact for suppliers delivering customer services, including IT capability.
• Reviewing evidence from suppliers to ensure compliance with security policies.
• Identifying security risks and escalating them through governance.
• Providing an objective opinion on control implementation by suppliers.

Your key responsibilities will include:

• Security Risk Management:
  
  • Proactively identify, escalate, monitor, and manage security risks associated with business activities.
  • Collaborate with suppliers to understand their control environment and assess risk levels.
• Assurance Plan:
  
  • Follow a predefined assurance plan to sample test suppliers’ control environments.
  • Escalate identified issues that could impact the risk profile.
  • Review objective evidence to assess compliance and risk.
  • Challenge suppliers when control failures are evident.
• Relationship Management:
  
  • Build strong relationships across the organization.
  • Foster a security-focused culture with service providers and clients.
  • Focus on continuous improvement aligned with evolving threats.
• Governance:
  
  • Attend security working groups with suppliers to assess control effectiveness.
  • Monitor supplier performance and ensure effective response to threats and incidents.
• Security Awareness:
  
  • Provide subject matter expertise to colleagues and suppliers, promoting good security practices.

Experiencerequired for this role:

• Worked in information security, conducting objective-based assurance reviews in an outsourced environment.
• Identified information security risks and developed risk mitigation plans, ensuring compliance through evidence review.
• Challenged suppliers on their cyber security controls.
• Experience with ISO27001, NIST and Cyber Essentials 

Key Skills:

• Analysed complex technical information to provide relevant advice and guidance.
• Supplier Management from a Information Security perspective 
• Evaluation of supplier services and ability to meet Information Security standards 
• Demonstrated effective planning, organization, and resource utilization.

Preferred Qualifications:

• CISM OR CISSP certification or equivalent relevant experience.

Benefits include:

• Tailored Learning and Development
• Flexible Hybrid Working
• 9-Day Fortnight Scheme
• Inclusive Culture
• 27% average employer contribution.
• Annual Leave - 25 days, increasing to 30 days.
• Performance-Related Pay Bonus:
• Enhanced Family Leave

Next Steps? If you would like to know anything more about this role or even just want to hear what other Infrastructure, Cloud and Security positions I have that may also be a good match for you then please apply to this advert / or catch me on LinkedIn "Hayley Bee

You must be fully eligible to work in the UK to apply to this position and be eligible for SC clearance. This role is 40% office based in Durham, Glasgow or London