Responsibilities
- Adherence to the Information Security Standards by control owners
- Training and Awareness Programme
- Phishing Tests of staff, reporting and training
- Actionable Threat Intelligence including Domain Monitoring, social media and Deep and Dark Web monitoring
- Data Loss Prevention/Detection - monitoring staff's email and web usage to detect any non-adherence to acceptable use
- Committee papers showing KPIs/KRIs and supporting documentation.
- Third Party Reviews of suppliers
- Managing the annual risk assessment process and presenting results to senior management.
- Performing analysis and testing of controls within our internal environment.
- Managing the training and awareness program for employees globally, including:
  - Evaluating the trends in Human Risk, using available technology to understand the areas in which staff require training.
  - Designing and releasing eLearning modules for all staff.
  - Participating in Cyber Security Awareness month and organising educational activities.
  - Writing global communications.
- Working with IT and the business to deliver key certifications and meet ever-changing regulations.
- Conducting timely Information Security assessments of third-party suppliers, recording results accurately and initiating appropriate responses.
- Participating in ad hoc projects to provide analysis on Information Security risks.
- Minimum of 5 years' experience working within Information Security.
- Experience working in the financial industry
- Desirable Qualifications - ISACA CISA, CISM or CRISC
- Understanding of ISO27000, NIST CSF, Cyber Essentials and audit processes.
- Good written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and non-technical audiences.
- Analytical skills and the ability to manage multiple projects under strict timelines.
- Line management/Team management experience