This is a fantastic opportunity for a results-driven individual to join the Business Security department, a cross-disciplinary team that supports a risk-intelligent culture. The role requires an in-depth understanding of information security, technology and business security, as well as governance and risk management. Successful candidates will be expected to demonstrate relevant experience working in a dynamic environment, dealing with complex challenges and communicating at all levels of the business.
You will be working as part of a wider European division which brings together over 25,000 individually talented people with a rich mix of skills and perspectives to serve one purpose and reach one aspiration. The successful candidate will have the opportunity to collaborate across their business security network, tapping into a wealth of knowledge and contributing and influencing their direction and strategy.
- Provide expert advice to IT and business areas on the cyber and technology security risk framework, and on compensating measures for exceptions to cyber and technology security policies and standards.
- Actively participate in Cyber Risk Assurance and risk management activities, leading as a Subject Matter Expert and ensuring consistency in the advice provided to the business.
- Collaborate with first-line IT Security and internal clients to provide risk-based direction aligned to policies, standards and industry best practice.
- Identify potential enhancements to the firm's security and manage the delivery of improvements while ensuring minimal impact on practitioners.
- Recommend changes to related policies, standards and guidelines so that they remain current and relevant to emerging technologies and delivery models.
Technology Risk Assurance
- Provide oversight of, and assess the efficacy of, first-line desk-based reviews of new systems and technology, producing a clearly documented output of key information security risks, security objectives and success criteria for the first-line security team to follow.
- Assess the efficacy of the scoping of system penetration testing activities, ensuring that an appropriate methodology is agreed upon.
- Sample penetration test reports against the security objectives set, ensuring the first-line security team has clearly translated vulnerabilities and findings into descriptive operational or business risks.
- Collect metrics and sample the remediation activities planned by the first-line security team to ensure effective risk management.
- Review risk assessments, ensuring due consideration is given to the firm's risk appetite, regulatory and legal requirements, and standards and policies, as part of consistent and auditable processes.
- Ensure internal clients and stakeholders understand the value of risk assessment and security testing and how these activities help enable the business.
- Provide subject matter expertise and technical support throughout major security incidents and investigations, ensuring root cause analysis is completed and any lessons identified are documented for tracking and implementation.
- Review security-relevant requests and incidents handled by first-line security teams and provide meaningful feedback, supporting the refinement of processes and risk escalation procedures.
- Actively support and manage risk reporting and risk remediation initiatives.
- Assist and support the development of a European second-line function.
- Assist in the definition and implementation of the second-line operating model and engagement framework.
- Undertake risk tracking, trend analysis and aggregation of risk for senior stakeholders, providing metrics to inform key strategic decisions.
Successful candidates should possess the following attributes:
- Demonstrable information security experience within a relevant business sector
- One or more respected industry qualifications (CISSP / CISM / CISA / CRISC / SABSA)
- Educated to degree level (2.1 or higher), preferred but not essential
- Demonstrable knowledge of a wide range of information technology systems and a solid understanding of the security risks inherent in these technologies
- Demonstrable understanding and application of information security principles, accreditations and best practice (e.g., ISO 27001 and the ISF Standard of Good Practice for Information Security)
- Strong technical abilities and awareness
- Able to present security topics to a non-technical audience and describe the business value of information security
- Able to demonstrate understanding of networking, VPN, firewall and encryption technologies and of privileged access management principles
- Able to understand and assess technology systems and applications from both a technical and a business function perspective
- Able to communicate business and technical risk effectively to all potential audiences
- Excellent interpersonal skills and the ability to be a positive influence within a team
- Self-motivated and able to manage multiple concurrent deliverables
- Strong stakeholder management skills and demonstrable experience of applying them