Company: Financial Services
Location: London
Reports to UK Managing Director and Group CISO
Salary: £105,000 + generous benefits
The Role
The Chief Information Security Officer is responsible for designing and architecturally developing a comprehensive information security programme that ensures the confidentiality, integrity and availability of data and systems. As this position is a second line function, the Technology Dept. technically implements the controls under instruction.
Key responsibilities
• Architect security controls and assure their operational effectiveness to protect against cyber-attacks, data breaches and other security incidents
• Assume responsibility for the information security and compliance programme
• Build, develop and lead a high-performing cybersecurity and compliance team
• Advise business and engineering leadership in the implementation of cybersecurity and compliance
• Define a cybersecurity strategy and operating model that is aligned with our business objectives
• Develop and track a clear, measurable cybersecurity plan
• Present regular reports to our Board of Directors
• Integrate an information and cybersecurity risk management framework
• Define and deliver a cybersecurity culture and awareness programme for employees and partners
• Define and develop an information assurance framework, ensuring regulatory compliance
• Lead the design of a secure system development life-cycle
Committee membership/involvement
Member of:
• Operational Risk Committee (ORC)
• Information Security Management System (ISMS)
• Executive Management Committee (for cybersecurity reporting and oversight purposes)
Qualification, Experience
• Relevant information and cybersecurity qualification, e.g. ISACA Certified Information Security Manager (CISM), NCSC (GCHQ, UK GOV) Certified Cyber Professional certification at senior level.
• Substantial experience in risk management, information security, or incident response
• Minimum of 10 years of experience in information security, with at least 5 years in a senior leadership role
• Experience building and leading a cross-functional cybersecurity and compliance team
• Knowledge of information security management frameworks, such as ISO/IEC 27001 and NIST
• Knowledge of international privacy laws and financial reporting requirements
• Understanding of current legislation and regulations.
Essential Competencies / Skills
• Excellent project management, communication and leadership skills
• In-depth knowledge of information security management best practice
• Solution-oriented to ensure business requirements are achieved
• Proven ability to work under pressure to agreed deadlines
• Change Management
• Operations management
Key success factors
• Maintenance of commensurate security posture for the bank in accordance with the business risk appetite.
• Successful management of Security Incident Response.
• Ability to take risk-based decisions to maintain the CIA of bank data and systems.
• Positive perception from bank top management.
• Tracking and closure of cybersecurity related audit issues