Information Security Framework Manager

Job Description
Information Security Framework Manager required for market-leading financial services firm. This is a senior role within our Information Security Privacy, Policy, and Awareness Team with accountability for the design, technical guidance on control implementation and continual improvement of the ISMS. The role has a direct report.
Responsibilities

• Responsible for the embedding and continual improvement of the ISMS, ensuring its effective design and operation in the Bank
• Ensure the clear design and articulation of information security controls which align with the Bank's legal, regulatory, and business needs
• Provide stakeholders with technical guidance on control requirements, to ensure implementation and effective operation
• Managing the design and delivery of the bank's ISMS process, applying a structured plan-do-check-act methodology
• Maintaining oversight of ISMS effectiveness in line with Framework Owner responsibilities in the Bank's Risk Management Framework and monitoring business performance against information security controls, including maintaining effective framework performance metrics (KCIs), coordinating and presenting effective risk scorecards and quarterly management reports at the bank's Data Governance Committee, to ensure and support the Committee's oversight of the ISMS and influence decision making on areas requiring focus or improvement
• Influencing business priorities and control owner plans for information security improvements and risk mitigation
• Influencing across the Bank, including senior management, to ensure clear ownership and accountability for information security controls
• Influencing the effective integration and ongoing alignment of the information security framework with the Bank's Risk Management Framework and operational risk processes
• Responsible for creating and maintaining the bank's Information Security policy, ISMS, Control Standards, and instructions, and for the effective planning, prioritisation, and delivery of their review cycles to ensure the framework is kept up to date, aligns to UK legal, regulatory and good practice requirements and Bank's global minimum standard for information security
• Manage the planning and delivery of the team's Information Security Framework business plan, including effectively leading and developing team members, managing any changes, new demands, requirements, or issues, and providing regular status/delivery performance reports to management as required
• Provide specialist information security policy advice, support, and challenge to stakeholders across the Bank, and represent the Information Security team with Business stakeholders as a trusted advisor, finding cost-effective security solutions that efficiently support customer needs
• Support the continued development of specialist information security technical knowledge within the UK Information Security team
• Deputise for elements of the reporting manager's role (Privacy, Policy & Awareness Manager) as required, on an ad-hoc basis, to cover absences, periods of increased workload, etc

As an ideal candidate, you will have an industry certification such as CISSP/CISM/CRISC and have expert knowledge of information security frameworks. You will also have a proven track record of delivery in a similar role. Experience in financial services is highly advantageous.

IND123