Information Security Manager (FTC)

Recruiter
Investigo
Location
London
Salary
Competitive
Posted
29 Mar 2024
Closes
26 Apr 2024
Employer Sector
Technology, IT & Telecoms
Contract Type
Permanent
Hours
Full Time

Information Security Manager (12 month FTC) – Hybrid London

Key Accountabilities

Supporting the management of the Cyber Security function maintaining compliance with our NIST based cyber security framework.

Responsible to Head of Operational Risk for Information Security RCSA framework, in particular regulatory compliance, and tolerated risk exposure.

Act as Cyber Security expert within the Second Line of Defence (2LOD), providing advice and guidance to 1LOD on best practice cyber security and to business driven change activity.

Working with the Enterprise Architect to ensure solutions are delivered in accordance with IT Security policies and Standards

Ensure we can effectively respond and recover from Cyber Security Incidents.

Working with the Head of Information Security on ways to defend the business from current cyber threat landscape, identifying emergent threats and recommending innovative controls and mitigations.

Work together with the 1LOD and provide evidence that IT Security operations are within risk tolerances (e.g., Evergreen IT, Patching, Vulnerability scanning and Pen Testing) (supported by a 2nd member of the 2LOD team)

Oversee compliance with the cyber security standards and policies liaising with CIO (1LOD) where responsibility spans Lines of Defence.

Maintain security performance metrics/ KPIs, recommending improvements where appropriate.

Effective use of specialist tools and logging to review the cyber status and perform requested "deep dives" as necessary as well as define automated alerting mechanisms, ensuring that these alerts can be assessed and investigates independently by 1LOD and 2LOD.

Engaging with the CIO and the Head of Information Security to ensure that sufficient/ effective cyber defences are implemented, giving the business value for money for any procured Cyber Security solutions, including Cyber Risk Insurance.

Responsibility for the effective cyber security training and awareness.

Knowledge

  • Educated to degree level (or equivalent), possessing at least one security accreditation (e.g., CISM or CISSP)
  • Good working knowledge of cyber security standards (i.e. NIST, ISO 27001, Cyber Essentials, GDPR).
  • Previous experience in the practical use and management of products such as Defender, Darktrace and Mimecast
  • IT security management knowledge, skills, and experience.
  • Familiarity of firewall rulesets and the requirements for effective cyber defence.
  • Familiar with the Microsoft stack from Desktop products to server products to Azure

Experience (Essential)

  • Working in Financial Services or another regulated market, such as aviation or energy.
  • Managing the delivery of an organization–wide information security related strategy
  • Knowledgeable in common Data Leakage reasons and effective prevention.
  • Working with on premise, public and/or hybrid cloud environments
  • Conducting security–based investigations, the management of such inquiries and liaison with external BACB engaged investigation parties.