Company: Financial Services
Location: City of London
Reports to: Head of Information Security & Data Protection
Protecting our clients’ data and privacy is our key priority. This highly visible role as an Information Security Manager is an exciting opportunity for the right candidate to work with a high-profile financial services firm, at a time of exciting change and growth. The successful candidate will work across all areas of our business and will tackle many different aspects of security from a second line perspective. This role would suit an enthusiastic individual who thrives in a fast-moving environment, is a proactive self-starter, and who approaches challenges positively. Integrity and ability to hold a position are critical to this role, to ensure the firm’s business operates safely and securely.
Within this role you will support the Head of Information Security & Data Protection in the delivery of 2nd Line of Defence duties relating to Information Security and Data Protection, ensuring a comprehensive information security awareness program across the organisation including focused training where required.
• Act as a point of expertise in the field of Information Security for all levels of the business, providing expert advice and guidance, demonstrating sound technical judgement and a thorough understanding of the risks.
• Educate and influence stakeholders in respect of Information Security to build a strong security and privacy culture.
• Monitor compliance against the Information Security Policy and provide regular reports to stakeholders and the Risk Management Committee as required, including KRIs relating to the Information Security Risk.
• Ensure Governance structures are in place and operating effectively to support Information Security and Data Protection compliance and risk management.
• Oversee the third-party and change teams to ensure outsourcing and change management activities are suitably managed and that security is effective.
• Support the Data Protection function in the delivery of its own objectives; ensuring that risk assessments, DPIAs and technical and organisational measures are in place in accordance with firm policy and the (UK) GDPR.
• Undertake risk analysis and exception reporting and other desk-based methods to monitor relevant activities across the organisation.
• Assist in assessing regulatory requirements and, where necessary, escalate the findings; identify relevant industry, regulatory and legal changes that will impact the firm, and support preparation for these.
• Design and implement oversight and management procedures to respond to policy and security failures.
• Assist in supporting awareness of Information Security & Data Protection across the Group.
• Support the strategy for Data Protection Risk.
• Support the alignment of security management in line with ISO 27000.
• Educated to degree level or equivalent experience relevant to the role
• Appropriate external accreditations are desirable – one or more from CISSP, CISM, CISA, CIPP/E
• 4+ years relevant industry experience in an Information Security role
• Demonstrable knowledge of and active interest in information security principles and best practices such as ISO 27001
• Practical experience of managing information security risk in a comparable organisation.
• Effective communication skills (written and verbal)
• Good administration, planning and organisation skills
• Basic report writing techniques and skills
• Good team player – readily assists team, particularly in busy periods