Head of Information Security
Job Reference: HOIS/15362TC
Salary: £80000 - £100000 Per Annum Bonus + Benefits
Salary per: Annum
Job Start Date:
Vacancy Posted: 30-04-2018
Contract Type: Permanent
Location: Basingstoke, England, Hampshire
Head of Information Security required for a leading British client in Basingstoke
The Head of Information Security is responsible for the identification and mitigation of Information Security risk in line with the client Group's Risk Appetite. This is achieved through the creation of policy, process, requirements and operational controls, and by working with other departments (HR, Property, Risk, Compliance, Legal) to continually improve information security awareness, providing leadership and strategic direction for Information Security within the organisation.
Role Specific Responsibilities & Accountabilities
* Responsible for the establishment and maintenance of an Information Security management framework (comprising Information Security Policies, Standards and documented security controls which form part of the Information Security Management System).
* Operational ownership and enhancement of technical security controls including AV, IDS/IPS, DLP and SIEM
* Own and develop information security compliance activities across the organization including ISO27001 and PCI-DSS
* Provide a ‘centre of excellence’ for information security management, offering internal management consultancy advice and practical assistance on information security risk and control matters throughout the organisation, promoting the commercial advantages of managing these effectively and efficiently.
* Direct and control all aspects of Information Security, maintaining an accurate picture of the security risk to which the client is exposed through its IT infrastructure and systems, and making sure the Executive team are aware of this picture through the Information Security Steering Group, the Risk framework and otherwise as necessary
* Identify IT countermeasures to prevent Financial Crime and identify risks relating to new and emerging technologies and business technology practices, identifying significant threat changes and exposure of information and information processing facilities to threats
* Identify and track IT security best practices, continually reviewing the effectiveness of the information security controls, ensuring that the implementation of information security controls is co-ordinated across the organisation to maintain/improve information security and ensure that Staff IT security awareness is maintained.
* Manage the data security risks associated with business to business ventures, new acquisitions and use of third party suppliers and solutions.
* Provide IT security governance, support compliance initiatives and monitor IT practices in line with regulatory requirements, providing clear direction and visible management for security initiatives and assessing the resources needed to ensure information security endeavours are, and remain, effective.
* Evaluate information received from the monitoring and reviewing of information security incidents, co-ordinating the collection of evidence in line with ACPO guidelines as required and recommend appropriate actions in response to identified information security incidents.
* Identify, engage and manage 3rd party organisations so that appropriate vulnerability assessments and security audits are conducted to verify the rigour of information security processes and systems, providing recommendations to minimise the likelihood and impact of any denial of service, penetration, or fraudulent activities / attacks that could affect the brand or business.
* Liaise with and offer strategic direction to related governance functions (such as Physical Security/Facilities, Risk Management, IT, HR, Legal and Compliance) and all levels of management across the Group as necessary on information security matters such as routine security activities, security risks and control technologies.
Capability, Knowledge and Experience:
* Substantial experience in an Information Security Management role, preferably in a commercial, FCA regulated organisation with experience of information security, audit and risk assessment
* Strong understanding of information security requirements and an up to date knowledge of applicable regulations and standards, e.g. ISO 27001, Data Protection Act, RMADS, EU Data Protection Directive and PCI DSS
* Operating up to executive board level, with an ability to translate technical inputs into business outputs.
* An understanding of Information Security controls and best practices such as NIST, CIS, CPNI, CSC.
Education and Qualifications:
* Educated to degree level.
* Information Security qualifications such as CISSP, CISM, CEH, PCI-ISA
* Data Protection qualifications such as BCS Certificate, CIPP/E
Benefits include – Annual Bonus, 25 Days holiday increasing with loyalty, Generous pension contribution, Childcare vouchers, Staff discounts and many more
Due to the volume of applications received for positions it will not be possible to respond to all applications and only applicants who are considered suitable for interview will be contacted.
Proactive Appointments Limited operates as an employment agency and employment business and is an equal opportunities organisation
Proactive Appointments Limited takes its obligations to protect your personal data very seriously. Any information you provide to us as part of your application for this vacancy will only be processed as detailed in our Privacy Notice. If you have any questions or would like further information, please email GDPR@proactive.it.