Location: Crawley, West Sussex
Salary: £65000 - £83000 per annum + Car, Bonus
Sector: IT & Telecoms
Type: Permanent
Contact: Emma Puddick
Head of Information Security
Reports to CIO
Basic: Up to £83k
Holiday: 25 days holiday (can buy up to an additional 2 weeks)
Bonus: Up to 25%. Based on business and personal performance.
PMI: Family cover
Pension: Employee 5% Company 10%
Key Responsibilities for the Head of Information Security:
- Information security and information assurance Governance, Risk and Control (GRC).
- Regulatory compliance, e.g. PCI DSS (global), data privacy (GDPR and regional equivalents) and local regulators (e.g. the UK ICO).
- Information Risk Management standards and practical application using recognised standards (ISO, NIST, etc.).
- An Information Security Management System (ISMS) designed to provide comprehensive, documented assurance relevant to the organisation.
- Cybersecurity threat awareness and how threats evolve (trends in current threats, attack vectors, protections, best practices).
- Information security controls for critical ICT systems.
- Contract, vendor and partner negotiations, SLAs and lifecycle management from acquisition through to termination.
- Representing the Group on security and controls to clients and customers, partners, competitors, auditors, regulators and internal stakeholders.
- Consulting on, approving and/or validating existing IT strategic directions and investment plans.
- Consulting on, approving and/or validating existing business strategic directions and investment plans as they relate to the protection of systems and data.
- Maintaining the big-picture view of information security risk management, including third parties and service providers, and integrating with the internal control, compliance and risk management functions.
- Security Architecture and setting strategic directions.
- Information privacy and protection of Personally Identifiable Information (PII) of customers and employees.
- IT investigations, digital forensics, e-discovery, breach response and reaction plan responsibilities.
- Computer Emergency Response Team / Computer Security Incident Response Team (CERT/CSIRT) integration.
Knowledge & Skill Requirements:
- Minimum 5 years in information security, audit, security architecture or a related field, plus a further 5-10 years of information systems management and support experience.
- Strong technical skills related to information security e.g. infrastructure, application development, secure coding and development, ethical hacking, incident response, IDS/IPS, SIEM, access controls, systems security, vulnerability management, data protection etc.
- Deep knowledge of Information Security industry standards/best practices and relevant regulations (e.g., PCI DSS, ISO, NIST, ITIL).
- Payments processing in a European context, and the rules, requirements and challenges of European and global groupings.
- Experience of working for an EU institution or a financial institution.
- Experience and demonstrable success in multilingual, multinational and distributed workplaces.
- Strong understanding at a technically detailed level.
- Highly adaptable in learning and applying new skills, technologies, and procedures in order to manage a dynamic range of topics.
- A demonstrated track record beyond information security, e.g. skills developed in other disciplines such as entrepreneurship, business management, internal and external communications, leadership and law.
- The ability to communicate briefly but effectively with stakeholders and upper management, and to convey risk management challenges.
- Relationship building, vision, and the ability to speak at all levels of the organization.
- Ability to collaborate effectively and closely with IT operations teams (e.g. support, designers, developers) and all lines of business operations.
- Proven interpersonal/project skills, the ability to listen and coach, strong communication, both verbal and written.
- Must be a critical thinker, with strong problem-solving skills.
- High degree of initiative, dependability and ability to work with little supervision.
- Poise and ability to act calmly and competently in high-pressure, high-stress situations.
- High level of personal integrity, as well as the ability to professionally handle confidential matters and show an appropriate level of judgement, maturity and transparency as required.
Educational and Industry Certification Requirements:
- Bachelor's/Master's degree in IT, Economics, Engineering, Business Administration, Sciences, or equivalent experience.
- Certifications such as CISSP, CRISC, TOGAF, SABSA, CISA, CISM, ITIL and/or COBIT.
This really is a fantastic opportunity for a Head of Information Security to progress their career. If you are interested please apply as soon as possible as this position will be filled quickly so don't miss out!
This advert was posted by Gold Group - one of the UK's leading niche recruitment consultancies. We span a variety of specialist industries and are the recruitment company to help you find your next career opportunity. We pride ourselves on our commitment to candidates and stick to our ethos of finding the right role for the right person. Visit our website or get in touch today to discuss this role, find out what else we've got or just for a chat about the state of your industry. Services advertised by Gold Group are those of an Agency and/or an Employment Business. Please be aware that we receive a high volume of applications for every role advertised and regularly receive applications from candidates who exceed the job credentials. We will only contact you within the next 14 days if you are selected for interview.