The following job is no longer available:
Lead Security Specialist

Posted 14 June by Ember Search (Ended)

My Client is currently investing heavily across all areas of cyber security and technology risk. This newly created leadership role will see the successful Lead Security Specialist manage a small Information Security team to deliver a range of services across all major business areas and locations. The role will suit a Lead Security Specialist with a can-do, hands-on approach along with demonstrable experience in consultancy, risk assessment and solution design. Ideally the candidate will hold relevant security accreditations.

The role will have responsibility to direct, create and evolve Information Security roadmaps to meet my Client's group's current and future IT needs.

This role will act as a bridge between senior stakeholders (the board, business colleagues, product owners and engineers), working closely with the wider business (e.g. Legal / HR / Technology Services) to achieve its objectives.

Main Duties & Accountabilities:

  • Champion the adoption of best practices to reduce business critical threats whilst implementing IT security governance, policies and industry standards across the enterprise
  • Responsible for defining and leading the implementation of the information security policy globally
  • Identify security standards, practices and policies that the organisation must comply with
  • Own the implementation of the information security policies, tools, processes directly and through other business functions
  • Provide security input into the data protection and compliance functions of the business
  • Create and build relationships with, and manage, 3rd parties to achieve relevant accreditation / certification for compliance
  • Production of policy and procedural materials for internal and external usage
  • Responsible for the selection and implementation of tools and technologies that help security and compliance
  • Define and lead internal and external education and awareness programmes

Ensure Client remains a low-risk business that can manage unexpected events (tech service / info sec items) by:

  • KPI and baseline reporting metrics for information security status
  • Regular exec summary reporting of organisational information security
  • Owning vulnerability management, assessments and reporting including patch management
  • Responsible for security auditing, internally and externally, reporting on threat assessment
  • Responsible for assessing the organisation's security state through announced and unannounced exercises
  • Owning fire drills and test exercises for incident response and handling

Engage and influence the wider company:

  • Lead Information Security practices and act as a best practice ambassador
  • Influence behavioural change across the organisation
  • Drive policy and process improvement in a business-friendly manner and ensure changes are adopted into business-as-usual activities
  • Being recognised as an approachable and helpful representative of information security

Win new business and form new relationships through:

  • Building relationships with CISO / Information Security representatives of customers and prospective customers
  • Client being externally recognised as a highly secure provider in its sector
  • Design and guidance for RFPs and contractual agreements (info sec / data protection / compliance aspects)
  • Being competitive through compliance with desirable / required regulation / standards / practices

Required skills, experience & knowledge:

  • Strong experience operating in uncertain environments, dealing with senior members of staff and influencing key stakeholders, up to C-Suite level
  • Excellent working experience of developing, publishing, maintaining control processes and policies around IT Security
  • Strong and demonstrable experience of risk analysis, cyber security issues, risks and solutions, covering not just tooling but also its impact on the wider business context
  • Strong experience of incident response and of learning from incidents
  • European and international (US / Asia) operating experience
  • Relevant security accreditations (e.g. CISSP or CISM/CISA)
  • Strong working knowledge of implementing/managing GDPR / DPA / ISO 27001 / ISO 9001 / Cyber Essentials / ITIL / PCI compliance
  • Enterprise / internet technology background from a corporate environment with an ability to engage with and manage 3rd party vendors

Desirable skills, experience & knowledge:

  • Working with internal and external legal teams
  • Ethical hacking / penetration testing background
  • Involvement in open source security projects
  • Product development processes and agile project methodologies
Leading and Deciding:

  • Drive and lead working parties and teams to further the role objectives, including organising and managing those teams as required to achieve the required outcome.

Supporting and Co-Operating:

  • Establish a strong collaborative relationship with peers and colleagues, enabling policies and procedures to be implemented across the organisation without needing or having direct line management of the colleagues participating.

Interacting and Presenting:

  • Define and communicate the vision for a secure and compliant organisation to the business, helping colleagues understand why it is important for them to comply with and adhere to policies and procedures, and to feel part of the process rather than constrained by rules.

Analysing and Interpreting:

  • Analyse complex information and large data sets, then distil them into summary form highlighting key points and considerations and providing a set of decision points or topics for debate.

Creating and Innovating:

  • Support colleagues to improve processes and policies, including productivity enhancements and new business relationships, by taking pragmatic and practical approaches to problem solving and understanding the balance between competing objectives.

Required skills

  • Data Protection Act
  • Information Security Governance
  • ISO Procedures
  • Risk Analytics

Reference: 35389018
