Head of Information Security and Data Protection - London

£90,000 - £100,000 - IT/Information/Cyber Security
Ref: 70 Date Posted: Sunday 02 Aug 2020
Key responsibilities

Act as the Group DPO and Security lead, serving as the Subject Matter Expert on all areas of Data Protection and Cyber & Information Security
Responsible for implementing and maintaining the strategy and programme that ensures critical information assets are identified and adequately protected
Implement and embed the group's security framework policies, processes, standards and controls across all companies
Develop and embed key operational processes and controls in Data Protection and Cyber & Information Security
Identify and assess Security and Data Protection related risks and provide proportionate mitigation options and advice to business risk owners for decision making
Manage the establishment, maintenance and reporting of a group wide security training program
Collaborate with line manager on an integrated business continuity management approach and plans
Evaluate prevailing and emerging security threats and trends for management
Manage the timely Security Incident Response, including evaluating and reporting on business impacts of security incident trends
Periodically undertake current state assessments of security and data protection for each company and group, to baseline and benchmark findings for senior management
Conduct risk and assurance assessments using standards-based controls, internally, across the supply chain and with third parties.
 
Additional responsibilities (if any) 
Respond to customer-initiated questionnaires on security and data protection.
Manage and maintain group-wide templates for legal agreements (NDAs, DPAs, etc.)
 
Required experience/skills: 
 
Excellent communication and mentoring skills for both technical and non-technical audiences
Experience with GDPR compliance implementation, monitoring and improvement
Experience with industry frameworks in Information & Cyber Security and BCM.
Recognised expert knowledge and experience of data protection and cyber security frameworks, policies, processes and controls, such as NIST CSF, ISO27001, CSC CIS, ISO22301, TOGAF/SABSA
Familiarity and direct experience with different technology architectures (on-premises, hybrid and cloud), security operating models, security reference architectures and controls design.
Demonstrable experience across a variety of practitioner roles in Cyber Security and Data Protection.
Pragmatic, practical and flexible in balancing business and operational needs and options against security risk
Able to operate at strategic, tactical and operational levels
A proactive and natural collaborator with a desire to help and support the business in achieving its objectives and shared goals.
 
Nice to have experience/skills: 
 
Business background in addition to the required technical background.
 
Required qualifications/certifications: 
Desirable: BSc/MSc in Cyber or Information Security domain from a recognised university
Essential: one or more industry certifications: CISSP, CISA, CRISC, SANS GIAC, CIPP/E, CIPM
 
5-10 years' experience in similar security-related positions, with at least 3 of them in front-line, business-facing roles