Head of Information Security
Job Reference: HISB/15594SK
Salary: £100000 - £130000 Per Annum + 30% bonus + Car and more
Salary per: Annum
Job Start Date:
Vacancy Posted: 24-07-2018
Contract Type: Permanent
Location: Basingstoke, England, Hampshire
Head of Information Security required for a leading client in Basingstoke
The Head of Information Security is responsible for providing leadership and strategic direction for Information Security within the client; in particular, setting and policing the Client's policies to minimise information security risk in line with the Client's Risk Appetite; identification of Information Security threats; providing consultancy and guidance to projects and other initiatives; continually improving information security awareness; and managing and reporting on IT and Information Security risks.
Role Specific Responsibilities & Accountabilities
Responsible for the establishment and maintenance of an Information Security management framework (comprising Information Security Policies, Standards and documented security controls which form part of the Information Security Management System) & ensuring compliance with the policies.
Own and develop information security compliance activities across the organization including ISO27001 and PCI-DSS.
Provide a ‘centre of excellence’ for information security management, offering internal management consultancy advice and practical assistance on information security risk and control matters throughout the organisation, promoting the commercial advantages of managing these effectively and efficiently.
Direct the governance elements around Information Security, maintaining an accurate picture of the security risk to which the client is exposed through its IT infrastructure and systems, and making sure the Executive team is aware of this picture through the Information Security Steering Group, the Risk framework and otherwise as necessary.
Identify IT countermeasures to prevent Financial Crime and identify risks relating to new and emerging technologies and business technology practices, identifying significant threat changes and the exposure of information and information processing facilities to threats.
Identify and track IT security best practices, continually reviewing the effectiveness of the information security controls, ensuring that the implementation of information security controls is co-ordinated across the organisation to maintain/improve information security and ensure that Staff IT security awareness is maintained.
Manage the data security risks associated with business to business ventures, new acquisitions and use of third party suppliers and solutions.
Provide IT security governance, support compliance and monitoring of IT practices in line with regulatory requirements.
Provide consultative support to the Security Operations team around evaluating information received from the monitoring and reviewing of information security incidents, collection of evidence in line with ACPO guidelines as required and recommend appropriate actions to IT Ops in response to identified information security incidents.
In collaboration with the IT Security Operations team, engage with 3rd party organisations to ensure appropriate vulnerability assessments and security audits are conducted to ensure the rigour of information security processes and systems, providing recommendations to minimise the likelihood and impact of any denial of service, penetration, or fraudulent activities / attacks that could affect brand or business.
Liaise with and offer strategic direction to related governance functions (such as Physical Security/Facilities, Risk Management, IT, HR, Legal and Compliance) and all levels of management across the Group as necessary on information security matters such as routine security activities and security risks.
Develop a structured programme of work to strengthen the information security framework, recognising and anticipating the different internal and external drivers – commercial and regulatory.
Rationalise the various needs/demands of the client's businesses (in particular where regulated) and B2B business partners.
Capability, Knowledge and Experience:
* Substantial experience in an Information Security Management role, preferably in a commercial, FCA regulated organisation with experience of information security, audit and risk assessment
* Strong understanding of information security and an up to date knowledge of applicable regulations and standards, e.g. ISO 27001, Data Protection Act, RMADS, GDPR and PCI DSS.
* Operating up to executive board level, with an ability to translate technical inputs into business outputs.
* An understanding of Information Security controls and best practices such as NIST, CIS, CPNI and CSC.
Education and Qualifications:
* Educated to degree level.
* Information Security qualifications such as CISSP, CISM, CEH, PCI-ISA.
* Data Protection qualifications such as BCS Certificate, CIPP/E.
Benefits include – 30% Bonus, Generous Car Allowance, 25 Days holiday increasing with loyalty, Generous pension contribution, Childcare vouchers, Staff discounts and many more
Due to the volume of applications received for positions, it will not be possible to respond to all applications and only applicants who are considered suitable for interview will be contacted.
Proactive Appointments Limited operates as an employment agency and employment business and is an equal opportunities organisation.
We take our obligations to protect your personal data very seriously. Any information provided to us will be processed as detailed in our Privacy Notice, a copy of which can be found on our website http://proactive.it/privacy-notice/
Proactive Appointments Limited takes its obligations to protect your personal data very seriously. Any information you provide to us as part of your application for this vacancy will only be processed as detailed in our Privacy Notice. If you have any questions or would like further information, please email GDPR@proactive.it.