Information Security Project Lead

Posted 27 October by Sanderson

London - Fully Remote

£700p/d - £900p/d - Umbrella Only

6 Months

Fantastic new opportunity for an experienced Information Security Project Lead for this market-leading financial services business. You will own and run the information security work stream for a specific project focusing on cloud security, reporting to the project's leadership and the UK GI Security Lead. You will work closely with all the internal and third-party supplier security specialists/teams, taking a lead in the delivery of the project. You will be used to working at a Head of Information Security or CISO level, but could equally be a really good Security Architect, Information Security Manager or Information Security Project Lead who is comfortable being involved in the steerco with the CIO, COO and CISO for the group.

Key Responsibilities:

  • Identify security requirements (people, process, technical, operational) for inclusion in the project.
  • Understanding the security aspects of the project to ensure key stakeholders understand them and any issues that may affect security.
  • Maintain an overall understanding of the security posture of the project to provide expert counsel to project stakeholders to assist in security decision making.
  • Translating security policy requirements into something actionable / applicable to IT systems and services.
  • Planning security assurance activities to link in with project timescales and milestones.
  • Managing security assurance activities including:
    • Familiarisation with Aviva 'security fundamentals' that define security requirements for services
    • Scoping and scheduling penetration tests
    • Scheduling time with technical experts for detailed design reviews
    • Completing any security governance and record keeping
  • Tracking and managing:
    • security risk from the project
    • security assurance deliverables from the project
    • gaps against good security practice / security policy
  • Tracking the delivery of security requirements and identifying any security issues or weaknesses.
  • Producing management information / reports on the above.
  • Key point of liaison between project stakeholders and UK GI Security lead.

Key Responsibilities:

  • Solid technical knowledge with broad experience of security management concepts built up over a number of years in dedicated technical and security operations and / or management roles.
  • In-depth knowledge of infosec governance processes and practices, including ISMS monitoring and control frameworks such as ISO, ISF and COBIT, their relationships to other frameworks and their application within a financial services environment or other highly regulated industry.
  • Ability to understand, explain and use common approaches to risk assessment and management.
  • Deep understanding of Secure Development Lifecycles.
  • Working knowledge of:
    • security architecture principles and cloud technologies
    • operations procedures and standard methodologies
    • security technologies such as firewalls, IDS/IPS, encryption, SIEM
  • Interpretation of guidelines and procedures to deal with exceptions and make straightforward decisions which have minor consequence of error.
  • Verifies assumptions and information before accepting them, reviews others' work and provides constructive feedback.
  • Ability to deal with uncertainty and plan.
  • Communicates in a clear and respectful manner and can produce in-depth written material.
  • Ability to distil complex technical and security topics into easily understood language.
  • Good stakeholder management skills.

For any further queries regarding the role, please contact Danny Palmer on or at

Reference: 44490678
