Overall purpose of role
The Information Security Manager (Third Party Security) supports CISO management in the delivery of the business unit's security posture through the implementation, running, testing, reporting and continuous improvement of the information security controls and processes.
* Understand the business unit's information/data security posture and risk appetite.
* Identify, resolve and assist in management of security threats, vulnerabilities, non-compliances and risks, focussing on third party and cloud security
* Respond to security events and incidents (co-ordinate business unit response and remediation)
* Perform deep dives on third party security management, including root cause analysis of issues, proposing tactical and strategic solutions; and influencing key stakeholders to deliver necessary control enhancements.
* Support delivery of a programme of work to ensure compliance with the Group Cyber and Information Security posture across the local business, principally covering third party security.
* Communicate specific business unit needs to group projects and escalate non-compliance, providing business value for each sub BU.
* Provide information security advice and direction to projects and business initiatives as required. Ensure change initiatives incorporate information security requirements.
* Be aware of legal and regulatory requirements impacting cyber and information security and advise on compliance.
* Provide support to the business and technology groups on all issues involving how to handle data in a secure manner.
* Support completion of risk and control posture reporting for business unit. Ensure accuracy and completeness of metrics.
* Conduct testing to confirm and evidence that key controls are operating effectively
* Propose and track action plans and remediate control gaps and deficiencies
* Facilitate cross-group and ad-hoc cyber security education and awareness activities.
Risk and Control Objective
Ensure that all activities and duties are carried out in full compliance with regulatory requirements, Enterprise Wide Risk Management Framework and internal Policies and Policy Standards.
Essential Skills/Basic Qualifications:
* The successful candidate must have a strong technical background and experience of information security and third party security management (suppliers and cloud, including IaaS, SaaS and PaaS)
* A strong understanding of different application and infrastructure technologies is required
* Demonstrable relationship/stakeholder management and negotiation skills
* Strong communication skills (written and verbal) that can transcend both junior and senior audiences; the ability to articulate complex concepts to senior management is essential.
* Proactive approach, committed, team-focused work ethic
Desirable skills/Preferred Qualifications:
* The candidate will preferably be educated to degree level or above in an Information Security related discipline. CISA, CISM, CISSP, ISO27001 or equivalent.
* Experience in the financial services sector.
* Ability to work in a constantly changing and fast paced environment
* Project management experience in a matrix environment is advantageous.
* Data analytics skills and experience