Head of Cyber Security

Posted 17 April by Sanderson
Salary: £90,000 per annum
Location: Cardiff, South Glamorgan


Head of Cyber Security

Cardiff (hybrid, 2/3 days per week on site)

Up to £90,000 + benefits

My client, a leading financial services provider based in Cardiff, is actively looking for a Head of Cyber Security to join their small team. You will be leading a team of two with a wider incident response team to support you. This would be an exciting role for someone who has had exposure to all areas of information and cyber security but is looking for a step up into a Head of Cyber Security role.

Role responsibilities

  • Manage and maintain the Information Security Policies and Procedures (ISMS), ensuring they are reviewed and updated at least annually.
  • Manage and maintain the Cyber Security Incident Response Plan and associated scenario playbooks, to ensure they are regularly tested and updated.
  • As a member of the Executive Risk Committee, to report on the overall IT & Cyber Risk Appetite Measures and Key Risk Indicators with accompanying commentary and recommendations to ensure stakeholders are aware of the current risks and have the information necessary to make decisions.
  • As an active member of the Change Board, to apply the Cyber Security lens to prospective business changes.
  • Develop, maintain, and deliver an annual cyber security plan that sets out the key focus areas for the next 12 months based on the changing threat landscape faced by the firm, and prioritising efforts to ensure the controls are commensurate with the risks.
  • Chair the Information Security Working Group to manage InfoSec risks and discuss Cyber related activities.
  • Provision of training and awareness content (communications and LMS courses) to engage and educate the organisation about cyber and information security risks and obligations.
  • Ensure penetration testing and social engineering testing are conducted at least annually, and for penetration testing after any significant system change that warrants a re-test.
  • Ensure the Cyber RCSA is maintained and controls testing is up to date.
  • Provide updates, guidance and attendance to OpCo.

Operations

  • Operate, monitor, and report on Cyber Security controls, ensuring that they are operating in compliance with the documentation and monitoring plans.
  • Manage the third-party SOC, ensuring alerts are appropriately tuned and that service levels are in line with those defined by the service.
  • Ensure alerts escalated by the SOC are investigated through to closure, with follow-up actions added to the plan as required.
  • Deliver monthly phishing simulations to all colleagues, and an additional more sophisticated annual test for high-value targets.
  • Provide security oversight of new IT systems, or changes to existing systems, to ensure cyber security is adequately factored in at the solution design stage.
  • Investigate Cyber Security incidents that arise within the organisation.
  • Responsible for all Cyber Security audits undertaken by 3rd party stakeholders, coordinating audit activities, managing responses and closing out issues identified.
  • Provide oversight and monitor 3rd party Information Security audit processes for third parties as required by business stakeholders.
  • To work closely with the DPO to ensure alignment of Cyber Security and Data Protection.

For more details, please reach out to . NB I will be on leave for after 19th April, returning 30th. #INDTECH

Reference: 52493865
