Job Responsibilities
* Develop and implement information security policies, standards and documentation in collaboration with the Technology Leadership Team, ensuring compliance with all applicable legal or regulatory legislations.
* Manage cross-functional initiatives to deliver on risk goals, policies and procedures.
* Establish and maintain the relationship with our security vendors, including SoC, SiEM and MDR services
* In conjunction with our third-party vendor to research and evaluate emerging security threats and identify and implement appropriate mitigation strategies.
* Manage audit findings (internal, external and client driven) to ensure that business departments understand issues and that remediations effectively mitigate information security risks.
* Manage the cyber incident management process and develop appropriate document repositories, policy documents, operational schedules and processes.
* Drive and support an exceptions and waivers process ensuring exceptions are appropriately reviewed and action taken where relevant.
* Promote the firm’s security policy, to ensure appropriate measures are taken to secure the firm’s information and minimise security incidents.
* Experience in growing and motivating a team; coaching members through career milestones and progression
Skills Required
* Demonstrate a strong technical background in information security and security platforms
* Apply industry-standard security control frameworks to design, operate, and govern information security systems and processes
* Lead teams and display gravitas when managing key initiatives
* Knowledge of Azure, encryption key management and cloud-based services such as M365 is essential.
* Experience of operating in a similar role within the framework of and adhering to requirements of ISO27001 and Cyber Essentials Plus or similar standards.
* Experience in related supplier management, with vendors and resellers.
This is a hybrid role, offering 2 days WFH/3 days office based.