London, Edinburgh or Newcastle – Hybrid working
Head of IT Security
£90,000, 12-month Fixed Term Contract
A fantastic opportunity has arisen for a Security Advisor within our growing Security Advisory and Assurance team, which is focussed on providing support to ensure that the products and services that the organisation delivers to our clients are Secure and Resilient and respect the privacy needs of the organisation, our Colleagues, our clients and their data.
You will lead or contribute to risk management activities across security domains, projects, operational requirements and technical change initiatives, providing expert advice that highlights Security, Digital Resilience or Privacy risks so Risk or Asset Owners can make well-informed and auditable decisions.
• Develop and deliver Security, Digital Resilience and Privacy advisory and assurance services (including risk assessment and management) as a “one stop shop” to stakeholders in support of BAU or change initiatives
• Lead or contribute to quality risk assessments across security domains, projects, operations and technical change initiatives
• Provide expert advice that highlights Security, Digital Resilience or Privacy risks, so Risk or Asset Owners can make well-informed and auditable decisions
• Provide tailored advice to a range of technical and non-technical Stakeholders on how to remediate identified risks in a pragmatic manner by proportionately applying security capabilities, using published guidance, standards, and drawing on a range of experts as well as personal expertise
• Support our Vendor Management programme by ensuring new or existing business relationships support and adhere to the information security standards and principles through the lifecycle of the relationship
• Ensure stakeholders are aware of the importance of building and delivering business products and services that are aligned with the principles of Security, Resilience and Privacy by Design
• Build strong relationships with stakeholders across the business and 2nd Line of Defence including IT GRC, IS&DP, Risk and Compliance and Legal
• 3+ years' experience in Information Security and Information Risk Management
• 3+ years' experience working with industry standards, such as SOGP, NIST, ISO27001
• 3+ years' experience in Third Party Security
• Financial services experience is beneficial but not an absolute requirement
• Experience with tools such as OneTrust is beneficial but not an absolute requirement
• Ability to adapt to change quickly, work comfortably with ambiguity, and manage multiple tasks successfully
• Ability to develop partnership-oriented relationships with technical and non-technical stakeholders across all levels of an organisation, especially as it relates to risk management
• Ability to evaluate risk implications inherent in new or changing third party relationships, changes or BAU activities
• Ability to persuade and influence others on next steps
• Ability to quickly come up to speed in any area, sufficient to speak with an informed opinion and create a credible impression with stakeholders
• Excellent strategic thinking and analysis skills to drive predictive modelling and solutions that decrease the likelihood of a risk event
• Must have strong verbal and written communication skills; interpersonal collaborative skills; and the ability to communicate security and risk-related concepts to technical and non-technical audiences and stakeholders across all levels of an organisation