Address
Form of work
SalaryInformation Security Manager (12 month FTC) – Hybrid London
Key Accountabilities
Supporting the management of the Cyber Security function maintaining compliance with our NIST based cyber security framework.
Responsible to Head of Operational Risk for Information Security RCSA framework, in particular regulatory compliance, and tolerated risk exposure.
Act as Cyber Security expert within the Second Line of Defence (2LOD), providing advice and guidance to 1LOD on best practice cyber security and to business driven change activity.
Working with the Enterprise Architect to ensure solutions are delivered in accordance with IT Security policies and Standards
Ensure we can effectively respond and recover from Cyber Security Incidents.
Working with the Head of Information Security on ways to defend the business from current cyber threat landscape, identifying emergent threats and recommending innovative controls and mitigations.
Work together with the 1LOD and provide evidence that IT Security operations are within risk tolerances (e.g., Evergreen IT, Patching, Vulnerability scanning and Pen Testing) (supported by a 2nd member of the 2LOD team)
Oversee compliance with the cyber security standards and policies liaising with CIO (1LOD) where responsibility spans Lines of Defence.
Maintain security performance metrics/ KPIs, recommending improvements where appropriate.
Effective use of specialist tools and logging to review the cyber status and perform requested "deep dives" as necessary as well as define automated alerting mechanisms, ensuring that these alerts can be assessed and investigates independently by 1LOD and 2LOD.
Engaging with the CIO and the Head of Information Security to ensure that sufficient/ effective cyber defences are implemented, giving the business value for money for any procured Cyber Security solutions, including Cyber Risk Insurance.
Responsibility for the effective cyber security training and awareness.
Knowledge
- Educated to degree level (or equivalent), possessing at least one security accreditation (e.g., CISM or CISSP)
- Good working knowledge of cyber security standards (i.e. NIST, ISO 27001, Cyber Essentials, GDPR).
- Previous experience in the practical use and management of products such as Defender, Darktrace and Mimecast
- IT security management knowledge, skills, and experience.
- Familiarity of firewall rulesets and the requirements for effective cyber defence.
- Familiar with the Microsoft stack from Desktop products to server products to Azure
Experience (Essential)
- Working in Financial Services or another regulated market, such as aviation or energy.
- Managing the delivery of an organization–wide Information Security related strategy
- Knowledgeable in common Data Leakage reasons and effective prevention.
- Working with on premise, public and/or hybrid cloud environments
- Conducting security–based investigations, the management of such inquiries and liaison with external BACB engaged investigation parties.
