An opportunity has arisen for an experienced Chief Information Security Officer to work for a leading IT Company. As Chief Information Security Officer, you will have experience across a wide range of Information Security and of technical solutions delivery.
The successful Chief Information Security Officer will have an excellent understanding of Information Security, with knowledge of GDPR and ISO27001, and an understanding of the Technology industry.
As the CISO you will need to have a strategic vision for security and establish a control framework and governance process to populate it with effective controls and policies. You will drive standards to ensure effective identity and access management, control security threats, manage vulnerabilities, direct forensics, manage incident response and conduct security audits.
The successful candidate will be an experienced Chief Information Security Officer with excellent communication skills and the ability to influence and educate senior management on Cyber Security threats.
Key Objectives of the role:
End to end IT Security
Information management and Data Protection
ISO9001 and ISO27001 Accreditation
Risk management and reporting from local risk registers
Training and development of IT security and Information Management awareness
To prepare for strategic challenges facing the business, including the General Data Protection Regulation
Advisory to the Executive team on all security related matters
Develop and maintain relationships with senior stakeholders
Oversight and accountability for service quality of the Vetting service
Excellent interpersonal and communication skills
Strong enterprise risk management experience
Experienced in taking an Organisation through to ISO 27001 Certification
A clear understanding of UK Government Security Frameworks including the Security Policy Framework and CESG Good Practice guidance
A clear understanding of the Data Protection Act 1998
Experienced in Risk Assessment methodologies such as IRAM, CRAMM and IS1&2
Overall responsibility for all Information Assurance and Security
Responsible for GDPR awareness
Maintain awareness of current threats and business risks and be able to clearly articulate these to Senior Management.
Managing the Security relationships
Leading the Security Architecture strategy
Managing, updating and publishing technical security policies, standards and processes
Managing Security Governance Boards
Act as the final point of issue escalation on all Security matters
Provide support and leadership on all audit and remediation activities
Maintain awareness of new and upcoming changes to external security policies, standards, laws or new vulnerabilities that may impact the client
Performance management and development of security resource