Head of Information Security - Indian Ocean

Generous expat package - IT/Information/Cyber Security
Ref: 180 Date Posted: Thursday 11 Jul 2024
Title:                      Head of Information Security
Reference No:    2145
Company:           Financial Services
Location:              Indian Ocean
Reports to           COO
Salary:                   Competitive expat package
 
The Role
 
Over the years the Bank has implemented numerous initiatives as part of its Digital Strategy and amongst others has developed a modern and performing Information System. In a continuously evolving environment where the pace of delivery is a strong competitive advantage, the Bank continues to invest and innovate to deliver new products/functionalities and a world-class customer experience to its customers.
 
Main job purpose
 
Partners at all levels of the organization to develop, implement, and execute an organization-wide Information Security strategy that optimizes employee capabilities, achieves the organization's strategic objectives, and delivers competitive advantage.
The Head of Information Security is a high-level executive responsible for the development, implementation, and management of the organization's information security and cybersecurity strategy. He plays a critical role in safeguarding sensitive data, ensuring regulatory compliance, and mitigating cyber threats.
 
Key responsibilities:
 
1. Information Security Strategy:
  • Develop and communicate the organization's information security strategy, vision, and goals to executive leadership and stakeholders.
  • Align information security initiatives with business objectives.
2. Cybersecurity Operations:
  • Oversee day-to-day cybersecurity operations, including incident response, threat detection and vulnerability management.
  • Monitor and analyze security alerts, breaches, and incidents, taking appropriate actions to mitigate risks.
3. Works with Risk Management:
  • Identify, assess, and prioritize information security risks and vulnerabilities.
  • Develop and implement risk management strategies and controls to protect critical assets.
4. Security Governance and Compliance:
  • Establish and maintain information security policies, standards, and procedures.
  • Ensure compliance with industry regulations (e.g., GDPR, HIPAA) and data protection laws.
  • Liaise with regulatory bodies and auditors as necessary.
5. Security Architecture and Technology:
  • Evaluate, recommend, and implement security technologies, tools, and solutions to protect the organization's IT infrastructure and data.
  • Collaborate with IT teams to integrate security measures into technology projects.
6. Incident Response and Recovery:
  • Develop and maintain an incident response plan and procedures.
  • Lead incident response efforts in the event of a security breach or cyberattack.
7. Project Management:
  • Together with Technology and Risks, manage projects related to cybersecurity and data security infrastructure
  • Program Management of FFIEC Maturity
8. Vendor and Third-Party Risk Management:
  • Assess and manage security risks associated with third-party vendors and suppliers
  • Manage or participate in the management of specialized vendors: SOC, Red Team, Forensic Service Provider, Legal / Crisis Service Providers
  • Review and negotiate security clauses in vendor contracts.
9. Security Metrics and Reporting:
  • Define and track key security performance metrics and key performance indicators (KPIs).
  • Provide regular reports on the organization's security posture to executive leadership and the board.
10. Budget Management:
  • Develop and manage the information security budget, allocating resources effectively to support security initiatives.
 
Qualifications:
  • Knowledge of common information security management frameworks, such as ISO/IEC 27001, and NIST.
  • Industry certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or equivalent.
 
Education:
  • Bachelor's degree in information security, cybersecurity, computer science, or a related field. A master's degree (e.g., MS in Information Security or MBA) may be preferred.
 
Experience:
  • At least 12 years of experience in a combination of risk management, information security and IT jobs
  • Extensive experience in information security, with proven track record.
  • Deep knowledge of cybersecurity principles, technologies, and best practices.
  • Familiarity with relevant regulatory and compliance frameworks.
  • Strong leadership, communication, and interpersonal skills.
  • Crisis management and incident response experience.
  • Ability to work collaboratively with cross-functional teams.
 
Specialized Skills:
  • Excellent written and verbal communication skills and high level of personal integrity
  • Innovative thinking and leadership with an ability to lead and motivate cross-functional, interdisciplinary teams
  • Expertise in IT and cyber security
 
Supervision:
  • Team of 15 people