This job has expired

Head of Cyber Risk

Employer: Telrock Systems Limited
Location: London (Central), London (Greater)
Salary: Up to £95,000 per annum + benefits
Closing date: 8 Mar 2021

Sector: Finance, IT, Security
Job Role: CISSP
Job Type: Permanent

Introduction

With offices in London, UK and Atlanta, USA, Telrock is a rapidly growing, successful international technology company providing modern SaaS-based, PCI DSS compliant 24x7x365 software solutions to banks, financial services companies and other organisations in Europe and North America. The company delivers its solutions on company owned modern technology assets and infrastructure hosted at leading third-party hosting services partners. The company wishes to strengthen its senior management team through the appointment of an experienced Head of Cyber Risk to continue development and oversight of its evolving information security risk management posture. The position will report to the US based CEO but will operate alongside UK domiciled Global IT Operations, DevOps, Service Delivery Management, and other functional leaders from the company’s UK corporate facility located in the Old Street area of London.

Position Summary

As a member of the senior management team, the Head of Cyber Risk will be accountable for the company’s information security risk management strategy and will drive and evolve the company’s information security posture commensurate with the company’s growing business needs. He/she will:

  • Apply a risk-based approach to design, develop, implement, and monitor a comprehensive enterprise information security program and deliver periodic assessment and recommendations to the management board.
  • Work directly with IT Operations, DevSecOps, Development and Service Delivery functions and company Data Protection Officer peers to facilitate risk assessment and risk management processes.
  • Develop, maintain, and enhance an information security management framework and all related policies, standards, and processes.
  • Drive information security governance and culture across the organisation.
  • Ensure strong and positive day to day working relationships with all key stakeholders.
  • Represent the company internally and externally as the authoritative voice in the area of information and cyber security and governance.
  • Manage and oversee the company’s annual PCI DSS gap and audit process with the company’s appointed independent Qualified Security Assessor (QSA) and periodic independent Penetration Test program with its appointed services partner.
  • Partner with business stakeholders across the company to raise awareness of risk management concerns.
  • Assist with overall technology planning, providing a current knowledge and future vision of information security aspects of technology and systems.

Experience Specification

  • Demonstrable experience as an information security professional (ideally associated with the provision of services related to the processing of CHD and NPPI in the financial services arena) especially in the areas of risk-based risk assessment, information security strategy, governance, information security policy creation and maintenance and information security monitoring and compliance.
  • Formal certification (CISSP, CISM or CRISC) and formal training in information security standards and best practice (e.g., PCI DSS, ISO 27001).
  • Formal certification and/or experience in cloud security principles (CCSP).
  • Experience implementing and/or maintaining formal best practice information security compliance or certification (e.g., PCI DSS and SOC 2 Type 2).
  • Up to date knowledge of key information security technologies including encryption, vulnerability and penetration testing, compliance checking, anti-virus, firewall, other perimeter security and intrusion detection technologies as well as risk management systems, asset management and security event and incident management and monitoring.
  • Working knowledge of UK and US Data Privacy regulations.
  • Demonstrated ability to build relationships at different levels of the organisation.
  • Capable of working with and earning the respect of senior customer stakeholders.
  • Able to articulate and agree a clear vision for information security strategy.
  • Excellent verbal, written and presentation skills.
  • Experience of evaluating, creating, managing, and providing information security training.

 

NOTICES:

PLEASE INCLUDE IN YOUR APPLICATION THE FOLLOWING:

CONFIRM YOUR ELIGIBILITY TO WORK, i.e. BRITISH PASSPORT OR RIGHT TO WORK

**ONLY APPLICATIONS WITH AN ATTACHED RESUME WILL BE REVIEWED**
