Company: Financial Services
Location: City of London
Reports to: CISO
Salary: £70,000 - £75,000
Benefits: See below
In close collaboration with the Chief Information Security Officer, lead the definition, implementation and reporting of the remediation program to ensure that risks are mitigated and security compliance is met.
The remediation program will cover the following themes (list not exhaustive): access governance, infrastructure hardening, critical information identification and protection, IT and digital asset management, awareness and training, etc.
• Define the remediation program:
o Analyse Group and regulatory requirements (500+ controls).
o Identify control gaps and make recommendations to management, including the appropriate controls to be implemented to mitigate information risk and ensure compliance.
o Structure remediation actions into security projects, prepare project plans, and manage resource allocation and budget.
• Execute the remediation program (~15 projects):
o Formalize the functional and / or technical specifications.
o Develop policies, procedures and framework based on industry standards and Group templates.
o Run information discovery and security risk cartography exercises.
o Analyse compliance reports and perform technical assessments.
o Facilitate the interface between business and information security / IT teams to ensure that the right controls deliver the expected level of coverage against the identified policy documents.
o Plan and organise the contribution of both internal and external teams (IT and business) to the security remediation program, explaining security requirements and helping them identify and execute remediation actions.
• Report on the remediation program:
o Define and produce related KPIs, KRIs and dashboards to manage remediation program execution, and present key highlights to the CISO and the existing security and risk committees.
o Set up, lead and contribute to the related governance.
• Delivery of the remediation program tasks on the defined schedule, with the defined achievements and deliverables.
• Remediation program contributors successfully engaged and briefed.
• Accurate, high-quality reporting of remediation task progress, with KPIs, KRIs and dashboards defined and produced for the appropriate audience, and the level of information security risk kept within agreed target levels.
• Remediation program and related key decisions agreed by the relevant committees and aligned with local and Group Security / IT Risk policy. Demonstrates extensive security experience at committees and provides insightful input to policy, standards and technology at a global level.
Dimensions Impacted by Job
• Delivery of the remediation program in the timeline agreed.
• Will be required to plan and organise the contribution of both internal and external parties to the security remediation program.
Skills & Experience
• Hold CISSP or an equivalent professional security qualification.
• Have a minimum of 8 years' experience in information security activities.
• Demonstrate a significant IT background and technical knowledge of the main security topics encountered in business application projects (IAM, encryption, development security, etc.) and of the related solutions that address them.
• Have experience in program and/or project management. Experience implementing security standards (e.g. ISO 27001, ISF) is a plus.
• Have the ability to work autonomously and to direct the work of the team as necessary.
• Be able to reach consensus with stakeholders on the best approach in the circumstances, and to negotiate at management level.
• Have the ability to present information concisely and to clearly identify key issues at management level.