Head of Information Security

The SLR Group
Newton Solney
£75,000 per annum
23 Aug 2017
31 Aug 2017
Contract Type
Full Time

Head of Information Security

Derby - £75000 - £85000

I am looking for a Head of Information Security for a market leading business based in Derby. The role involves establishing and designing security procedures across the company on a global scale. As the first Information Security person to join the business you will be expected to be hands-on initially. As the roles progresses, you will need to build and manage a team of security analysts.

Role Objectives

  • Creation and implementation of an information security and tech risk framework (around application security, infrastructure security, identity and access management and cyber security)
  • Creation and implementation of an information security and tech risk framework (around application security, infrastructure security, identity and access management and cyber security)
  • Raise the profile of the information security function across the business unit senior leadership, with special emphasis on awareness of the implications of incidents and cyber security risk
  • Manage the Technology Risk profile for the business and provide risk reporting to management
  • Transform the existing security architecture with a focus on making it agile to handle the evolving information security threat landscape in partnership with group technology risk
  • Enforce business wide minimum standards across information security
  • Lead and manage any security incidents across the business
  • Help build skills locally on the information security domain through training and acquisition of new talent as appropriate
  • Liaison with local regulator for understanding and implementation of country specific policies, incident management and updates
  • Facilitate third party risk assessment processes in accordance with the group standards

Key Responsibilities:

  • Lead and direct the information security function, which includes application and infrastructure security, risk and controls (in collaboration with group technology risk), IT security governance, security management and IT regulatory support.
  • Implement solutions to address information security issues with focus on identification of common patterns and issues
  • Deployment of technology policies, standards, processes and remediation management to continuously improve information security governance.
  • Execution of self-assessment program to ensure technology is in compliance with the established information security policies, standards and processes.
  • Implementation of new generation information security architecture
  • Ensure significant business initiatives are reviewed and aligned with the information security policies, standards and processes.
  • Regulatory interface on information security related aspects
  • Interface with auditors to ensure all audit and compliance findings are adequately remediated across the business unit
  • Provide value added services and become a business partner and growth enabler to the business by providing advisory and support to business leaders.
  • Ensure information security principles have the right balance of data protection and ease of doing business
  • Staff training through exercises such as phishing and also development of country specific training content in addition to the existing group wide information security content

Job Requirements:

  • Information security and technology risk management experience in complex international environments, preferably in insurance or financial services sector
  • Deep and broad technology understanding on the security platforms including application security, network security, identity and access management and devices security in addition to underlying infrastructure
  • Proven experience in managing security functions from an implementation and incident response perspective
  • Critical thinker, natural leader and deal shaper from technology/enterprise perspective with experience managing and mentoring diverse cross-cultural teams within complex environments
  • Understand the complexities and challenges of the organization, integrated processes, information and technologies to develop future-state models to best realise organizational strategies
  • Excellent communication skills with ability to influence and partner with key internal and external stakeholders
  • Innovative self-starter, highly motivated, business savvy with strong people skills
  • A degree or post-graduate degree in Computer Science or MIS, and preferably a holder of professional IT security qualifications: CISSP, CRISC or similar

This is a truly unique opportunity to establish security procedures for a leading business. If you are interested in the role please send your CV for immediate consideration and interview.