Job Description
IT Security Manager
Our Client is a large international organisation who are looking to recruit an IT Security Manager with at least 5 to 8 years proven expertise.
Provide advice, support and guidance to all Company Corporate functions to assist them to maintain and improve their information security maturity.
To work collaboratively with all areas of the Company Corporate and build networks and relationships to promote Information Security.
1. Act as subject matter expert on for IT Security, including legal and regulatory compliance
2. Advise Company Corporate functions on how to achieve the required controls and assist with solutions to support them. Eg Support in the development of standards and their application in line with Group security policies.
3. Participate in Company BU's Projects giving support, guidance, control validation and overall security assurance. This could also involve sitting on major project steering committees.
4. Support and encourage the ethos and methodology of security by design.
5. Aid GRC to build, implement and facilitate a mechanism to aid BU's to assess and measure their security compliance to policies.
6. Drive the development of BU/ Divisional security roadmaps. Giving oversight of key non-conformities to feed into the CISO roadmap.
7. Coach, train and educate the Company IT and Functions to up skill and increase the security maturity in BU's.
Be an active member of the Company's IS Security community, contributing to and leveraging the experience and lessons learned from other BU's
8. Produce, implement and standardise protocol and guidance material to support Business unit activities - examples - Asset register templates, third party due-diligence.
9. Facilitate and chair the security working group meetings
10. Engage and manage third party relationships to support the Company and its affiliates
11. Aid Procurement and the tendering process
12. Raising the security baseline controls and standardising where it makes sense to do so.
13. Understanding the different business requirements and aligning to their objectives
Support Security operations to continuously improve information security awareness across the group, including phishing campaigns and associated reporting
Experience
14. Experience in an information security risk leadership role within a large organisation.
15. Confident in presenting, discussing and championing ideas and concepts with senior stakeholders.
16. Experience of running information security risk governance processes and structures
17. Familiarity with relevant industry standards for information security (e.g. ISO27001, NIST CSF)
18. Experience of creating, implementing and assessing against information security policies and standards
Creativity
19. Able to analyse complex, ambiguous problems and summarise clearly with a view to establishing practical solutions
20. Able to "bridge the gap" between technologists and business-people, bringing to life information security risks to the business, while maintaining a pragmatic outlook on likelihood and impact of the risk and cost/ complexity of the mitigation.
21. Ensuring initiatives/ programmes are anchored in best practice whilst still being highly practical/ pragmatic.
22. Ability to defuse situations and resolve conflict to a win-win outcome
23. Influence others understand their views and agree ways of working that are acceptable to all parties.
Business acumen to understand business risks and the information security implications
24. Able to identify when information security risks need to be escalated to achieve the right level of management visibility.
25. Able to prioritise security risks and controls, differentiating the essential from the "nice to have".
26. Able to judge how to communicate messages to people to maximise buy-in and/ or understanding.
27. Able to analyse data with rigour & reach sound conclusions
28. Can assess when further data gathering, or analysis will bring diminishing returns. Can place appropriate weight on prevailing (sometimes conflicting) evidence.
29. Support and manage budget
Responsibility
30. Responsibility of information security incident management
31. Responsibility for security assessments and assurance activities (e.g. penetration testing) and when to use them.
32. Oversee and management of security compliance management and reporting in relation to any relevant regulatory or legal requirements Operational responsibility of management of third parties
Responsibility for managing change management around project and change leadership.
Able to judge the political and other people aspects of a situation, and tailor messages and approach to bring people along.
33. Able to work with others, setting challenging but realistic targets for team members, and through coaching and appropriate guidance, securing a successful outcome.
34. A positive collegiate approach to developing relationships and networks at all levels across the Company and the gravitas to work persuasively with senior stakeholders.
Is aware of different styles of stakeholders and can adjust own leadership style successfully to bridge any gaps.
The Client and the role is based in Central London - and you will be required to be in the office at least 3 days week.
The salary for this position will be £75K + £85K plus Benefits.
Please do send your CV to us in Word format for this exciting new position along with your salary and availability.