£55000 - £65000 (+ benefits)
over 1 year ago
This is a fantastic opportunity for a results-driven individual to join the Business Security department, a cross-disciplinary team, as a Cyber Risk Manager in the heart of London. You will be working as part of a wider European division which brings together over 25,000 individually talented people with a rich mix of skills and perspectives to serve one purpose and reach one aspiration.
What will I be doing?
The role requires an in-depth understanding of information security, technology and business security as well as governance and risk management. Successful candidates will be expected to demonstrate relevant experience working in a dynamic environment. This will include:
- Provide expert advice to IT and business areas on the cyber and technology security risk framework, as well as on compensating measures relating to exceptions to cyber and technology security policies and standards.
- Actively participate in the Cyber Risk Assurance and risk management activities, leading as a Subject Matter Expert and ensuring consistency in the advice we provide to the business.
- Collaborate with first line IT Security and Internal Clients to provide risk-based direction aligned to policies, standards and industry best practice.
- Identify potential enhancements to the firm’s security, managing the delivery of improvements whilst ensuring minimal impact to practitioners.
- Recommend changes to related policies/standards/guidelines to keep them current and relevant to emerging technologies and delivery models.
Technology Risk Assurance:
- Provide oversight and assess the efficacy of 1st line on-paper reviews of new systems and technology, producing a clear documented output of key information security risks, security objectives and success criteria for the 1st line security team to follow.
- Assess the efficacy of scoping of system penetration testing activities, ensuring that an appropriate methodology is agreed upon.
- Sample any Penetration Test Reports against the security objectives set, ensuring the 1st line security team has a clear translation of vulnerabilities and findings into descriptive operational or business risks.
- Collect metrics and sample remediation activities planned by the 1st line security team, ensuring effective risk management.
- Measure Risk Assessments, ensuring due consideration is given to the firm’s risk appetite, regulatory and legal requirements, and standards and policies as part of consistent and auditable processes.
- Ensure internal clients and stakeholders understand the value of risk assessment & security testing and how these activities help enable the business.
What skills & experience will I need?
In order to work for an organisation of such calibre and global status, you will need to provide subject matter expertise & technical support throughout major security incidents and investigations, ensuring root cause analysis is completed and any lessons identified are documented for tracking & implementation. The successful candidate should therefore have the following:
- Demonstrable Information Security experience within a relevant business sector
- Hold one or more respected industry qualifications (CISSP / CISM / CISA / CRISC / SABSA)
- Educated to degree (2.1 or higher) level (preferred but not essential)
- Demonstrate knowledge of a wide range of Information Technology systems and a solid understanding of any inherent security risks associated with these technologies
- Demonstrate understanding and application of information security principles, accreditations and best practice (e.g., ISO27001 and the ISF Standard of Good Practice for Information Security)
- Strong technical abilities & awareness
- Able to present security topics to a non-technical audience and describe the business value of information security
- Able to demonstrate an understanding of networking/VPN/firewall/encryption technologies and privileged access management principles
- Able to understand and assess technology systems and applications from both a technical and business function perspective
- Able to effectively communicate business and technical risk to all potential audiences
- Excellent interpersonal skills and the ability to provide a positive influence within a team
- Self-motivated and able to manage multiple concurrent deliverables
- Strong stakeholder management skills & demonstrable experience
This is a premier opportunity to work for an organisation which prides itself on Information Security and is looking to invest in the right individuals to continue this. Please send your CV through to Omarion Blackman for more details.