This job has expired

Senior Information Security Officer

Employer
Hays.
Location
United Kingdom, City of London
Salary
Competitive
Closing date
27 Mar 2021

A global Investment Management firm is looking to add an outstanding Senior Information Security Officer to their successful team based in the City of London.

As the organisation's Info/Cyber Security SME you will be responsible for enhancing and developing the security stance of the firm globally. You will be supporting the business in ensuring that the Info/Cyber Security tools and processes are fit for purpose and tailored to any impending regulatory or external changes.

Duties & Responsibilities:

  • Be responsible for managing the development and on-going implementation of the Information/Cyber Security strategy and objectives.
  • Build and implement an ISMS.
  • Enhance and develop existing policy and frameworks
  • Have ownership and day to day management responsibility for all Cyber Security systems, applications, policies and processes.
  • Ensure staff education, awareness and training on cyber security risks and preventative actions are regularly delivered via multiple channels and a robust cyber security communication plan.
  • Perform security risk assessments, providing guidance on the implementation of all projects with information security implications across the company.
  • Implement and maintain KPIs and metrics to allow the monitoring of compliance with security policies and procedures against industry standard/best practice.
  • Network and partner with other organisations to improve knowledge and approach.
  • Carry out full security audits (internal and external with relevant suppliers) and ensure compliance and best practice is adhered to.
  • Act as a key stakeholder in the identification of cyber security risk and the design and introduction of appropriate controls and mitigation.
  • Implement and improve procedures and processes to optimise information security effectiveness. The role will also include the management of cyber security incidents from second-line investigation through to resolution.
  • Ensure compliance with ISO27001, PCI DSS v3.2.1, GDPR, and other required FCA and broader global financial services compliance requirements
  • Supporting the implementation of security culture and embedding of security controls into business change and processes
  • Managing security for the allocated business units and teams to ensure programs are delivered and business operations are reviewed to identify high risk processes
  • Being the interface between the business team and the broader technology teams, internal and external
  • Assisting International level teams and capabilities to understand the business operations to enable security services to be optimised for all areas
  • Driving security awareness and education throughout the business units. Win hearts and minds and maintain a security culture
  • Proactively coordinating Cyber risk resolution
  • Supporting Security Solution engagement in Change Programs
  • Promote and champion best practices for Cyber Security, Risk Management, ITIL and service delivery

Experience and Qualifications Required

  • CISSP
  • 10 yrs minimum Cyber Security experience
  • Broad IT security management knowledge, skills and experience
  • Microsoft Windows Servers, Azure, O365 Security and Compliance
  • Data Leakage prevention experience
  • Forensic Investigations and Risk Management experience
  • Amazon Web Services (EC2, S3 & WAF) experience
  • Proven ability to build relationships with senior business and security stakeholders.
  • Excellent communication skills that can transcend technical and non-technical audiences
  • Experience with implementing or managing risk management processes and tools
  • The ability to work in a constantly changing and fast-paced environment. Strong team ethic combined with a determined approach to ensure completion of work
  • Relevant degree and professional security qualifications (alongside CISSP) such as CISA or CISM preferred or willingness to study for professional security qualification
  • Change management and information security risk & governance experience
  • Experience of compiling information for the purposes of internal and external audits/regulatory commitments
  • Relevant cyber and security experience in financial services industry with a clear understanding of the relationship between risk and commercial requirements

Please send through an application if this sounds like a suitable role; one of our team will be in touch with the suitable individuals in due course.