
Information Security Officer (O911023)

Isle of Man, Dublin, Jersey, or Hampshire

IT & Telecomms

Salary DOE - excellent package

Full time / Permanent

Job description

Overview

Our leading Financial Services Sector Client is continuing a high growth trajectory, coupled with an ambitious transformation programme. They are now seeking an Information Security Officer to manage and monitor security measures for the protection of computer networks and information.

This will include the definition of the day-to-day information security authorisations on key controls; the monitoring, audit, and reporting on information security controls; the creation and maintenance of information security documentation; and participation in information security audits.

Role Profile

You will have experience of managing external IT vendors (ideally within the finance sector) and have knowledge of relevant Technology deployed within the company to cover databases, network infrastructure, desktop solutions (ideally knowledgeable on O365 or MS Exchange infrastructures), and cloud infrastructure (understanding key concepts relating to PaaS and SaaS).

The role requires a good overall understanding of the business and the applicable legal and regulatory obligations (in particular data protection requirements) and deep experience of IT systems, networks, and IT security protocols, together with a rounded knowledge of operational processes and internal control methodologies relating to IT risk and cyber risks more generally.

The role holder is expected to deputise for the Information Security Officers in the security team when required, and to attend regular departmental meetings and other meetings relevant to the role.

Key Responsibilities include:

  • Information Security technical leadership
  • Governance & standard development and monitoring
  • Security Incident Management
  • Cyber Risk management
  • Driving Information Security awareness

Cyber Risk

  • Oversight, management, and reporting on all risks pertaining to information security, including all forms of cyber risk and all risks relating to the protection of personal data throughout the business in all locations
  • Develop and monitor Key Risk Indicators (KRI) and Key Performance Indicators (KPI), relating to the information security controls of the business
  • Assist in the assessment of risk to the security of information, assets, and personnel
  • Assist in management of cyber risk including risk reviews and mitigation planning

Governance / Standards

  • Assist with the initial certification and ongoing adoption of ISO27001
  • Maintain and develop information security documentation to agreed standards
  • Facilitate external information security audits, management reviews and internal information security audits
  • Define and manage the monitoring of key measures of ISMS performance

Information Security Technical leadership

  • Drive and coordinate the management of security through the sharing of ideas between key security players, the monitoring of threats and subsequent identification of opportunities for improvement, and the on-going monitoring of security activity (e.g., pen testing actions) to meet targets; and drive and manage the development of information security to ensure approaches, techniques and tools continue to meet needs
  • Ensure that the team become an active part of projects to ensure that all projects take information security into account; and to carry out - or oversee - information security risk assessments and ensure that the results are acted upon
  • Provide training, coaching and internal consultancy to the business at all levels in relation to the Information Security Management System, the ISO 27001 framework and a wide variety of IT controls and information security controls, and also in respect of new and evolving IT standards, cyber risks, and information security issues
  • Authorise the release of system changes into production environments according to agreed parameters and processes
  • Provide information security guidance to IT team as part of SDLC
  • Perform regular internal and external security audits and testing including penetration testing

Information Security Awareness

  • Assist in the development, and delivery, of training, education, and initiatives to promote security awareness throughout the business

Cyber Risk Management

  • Preparation, management, and reporting of the Information Security Risk Assessment in conjunction with the overall Business Operational Risk Assessment
  • Report on Key Risk Indicators and Key Performance Indicators
  • Provide IT and information security control risk input into projects from inception

Person Profile

  • Hold a relevant third level degree qualification in IT or equivalent industry qualifications (CISSP, MCP)
  • At least 5 years' experience in Information Security, and experience in people and IT management
  • Experience in security tools and solutions and reporting
  • Project management
  • Management experience that encompasses information systems or information security experience

Relevant certification is preferred (ISO27001 lead auditor, CISSP, CISM, CRISC, CCRO) along with the following experience:

  • ISO27001 implementation
  • Internal audit knowledge
  • Risk analysis - systems/projects/changes
  • Security technical knowledge / skills
  • Information Systems such as Active Directory, VMware, Firewalls, Network, Storage, QRadar/SIEM
  • IT hardware, software, process appreciation

Skills:

  • Process mapping and data analysis skills
  • Analytical skills - interprets quantitative and qualitative information to achieve objectives and produces effective solutions to problems
  • Ability to work to tight deadlines and deliver solutions within defined time periods
  • Experience working in a complex operational environment
  • Effective verbal and written communication skills and strong interpersonal skills, good at reporting

We are sorry but applications for this job have closed.