Title: Chief Information Security Officer (CISO)
Reference No: 2044/31
Company: Financial Services
Location: London or West Sussex
Reports to: Chief Information Officer
The CISO will lead the Group Information Security team and is a member of the Group IT Leadership team and the Group Senior Leadership. This role is essential to the IT and business strategy, supporting the IT team in facilitating client growth ambitions and enabling the business to maintain a competitive edge through its robust security management framework.
The successful candidate will be responsible for the following:
• Setting out group-wide information security strategy and plans.
• Directing staff in identifying, developing, implementing and maintaining processes across the organization to reduce information and technology risks.
• Responding to incidents, establishing appropriate standards and controls, managing security technologies, and directing the establishment and implementation of policies and procedures.
• Production and ongoing development of a detailed roadmap to maintain and continuously improve the secure environment of all Group companies.
• Motivating for, and delivering, approved projects consistent with the roadmap.
• Reporting the status of group information security to the board and relevant internal and external parties.
• Provision of solutions for gaps identified by internal/external reports or emerging new threats.
• Maintaining suitable IT policies for a well-controlled environment.
• Monitoring compliance against IT Security policies and requirements.
• Chairing the IT Risk Audit Compliance and Security committee.
• Producing a training and development plan for staff with particular influence on matters affecting IT security.
Skills, Knowledge & Experience
The successful candidate will demonstrate the following experience, skills and behaviours:
• Proven experience in a senior information security leadership role, ideally gained within a large international financial services or fintech organisation.
• Strong interpersonal skills, with the ability to communicate, influence and negotiate with senior stakeholders to obtain or leverage necessary resources.
• Good judgement in navigating challenging issues and in recommending an appropriate course of action.
• The ability to deliver difficult messages and resolve issues to achieve results, whilst maintaining strong stakeholder engagement.
• Strong and demonstrable capability in ensuring delivery of their projects.
• An in-depth technical understanding of infrastructure operations and software engineering, showing a strong understanding of relevant subject matter.
• A deep understanding of vulnerability management and associated monitoring solutions and practices.
• Experience of formal security risk assessment methodologies.
• Must be educated to a minimum of Bachelor's degree level (with Honours) or equivalent, ideally with a focus on Information Technology and/or Information Security.