£75000 - £85000 (+ benefits)
9 months ago
An excellent opportunity has arisen for a results-focused individual to join the Business Security department, a cross-disciplinary team, as a Cyber Risk Manager in the heart of London. You will be required to support the continual development of the Cyber Security strategy and operating model, focusing particularly on the improvement of the firm’s information protection initiatives and associated systems, with input into other areas of strategy.
What will I be doing?
This role boasts a range of areas you could find yourself operating in, which can be anything from strategy and policy to business frameworks, operational methodology, data classification, information rights management through to access governance and cryptography. The successful candidate would therefore be responsible for:
- Review and update the operating model for effective delivery of the firm including liaising with colleagues across geographies and Global teams.
- Create and deliver new information protection offerings to meet business needs.
- Support a holistic approach to data loss protection in the firm, integrating multiple teams, resources and technologies.
- Provide input into and support the creation of an updated operating model for Cyber Risk.
- Develop the firm’s updated Cyber Security strategy.
- Work closely with diverse business and senior stakeholders to ensure that appropriate security guidance is provided to support project delivery.
- Work closely with diverse business and senior stakeholders to document their risks and proactively manage the output.
- Collaborate with IT Services & Internal Clients to provide risk-based direction for system enhancements in line with firm strategy.
- Identify potential enhancements to the firm’s security, managing the delivery of improvements whilst ensuring minimal impact to practitioners.
- Provide subject matter expertise to support the Business Security & the wider Quality & Risk community.
- Contribute to the creation and implementation of standards, policies, guidelines and appropriate information security architecture planning and the operating model and engagement framework.
- Liaise with and manage key stakeholders to effect change where required.
- Support client facing resources and stakeholders to deliver services with appropriate controls.
- Support change management and continuous improvement of initiatives.
- Ensure that appropriate documentation is in place to support all systems and processes implemented.
- Provide appropriate change oversight (processes) and ensure escalation processes are in place and followed.
- Ensure that appropriate mechanisms exist to ensure that gaps and areas for improvement are captured on an ongoing basis and resolved in a timely fashion.
- Assist in the enhancement of delivery and management of key security platforms (e.g. SIEM, DLP).
- Assess the efficacy of key technology security platforms through clear and measurable KPIs and KRIs.
- Maintain and develop new reporting and monitoring capabilities with relevant responsible parties that meet requirements and demonstrate business value.
What skills & experience will I need?
In order to work for an organisation of such calibre and global status, you will need to provide an in-depth understanding of information security, technology and business. Successful candidates will be expected to demonstrate relevant experience working in a dynamic environment, dealing with complex challenges and communicating at all levels. The successful candidate should therefore have the following:
- Track record of success in problem solving and team working.
- Self-motivated and able to manage multiple concurrent deliverables.
- A proactive, keen and flexible approach with a high level of motivation and commitment.
- Good time management skills and the ability to manage priorities under pressure.
- The ability to juggle multiple tasks and activities and prioritise effectively when working to tight deadlines.
- Demonstrate an understanding of project management and the ability to manage key deliverables.
- An enthusiasm for risk management and a desire for continued learning are essential.
- Discerning, with good analytical skills and the ability to filter what’s relevant and important, and what needs to be escalated.
- Sensitive to the need for confidentiality, discretion, tact and integrity.
- Demonstrable Information Security experience within a relevant business sector.
- Hold one or more respected industry qualifications (CISSP / CISM / CISA / CRISC / SABSA).
- Demonstrate knowledge of a wide range of Information Technology systems and a solid understanding of any inherent security risks associated with these technologies.
- Demonstrate understanding & application of information security principles, accreditations and best practice (e.g., ISO27001 and ISF Standards of Good Practice for Information Security).
- Strong technical abilities & awareness.
- Ability to understand and assess technology systems from both a technical and business function perspective.
- Experience with service delivery management and continuous improvement processes.
- Sound experience of DLP policy, incident response, risk reporting design and industry best practice.
- The ability to assess program maturity and develop effective target operating models.
- Basic knowledge of global privacy and developing and implementing employee monitoring legislation.
- Able to present information security topics to a non-technical audience and describe their business value.
- Ability to effectively communicate business and technical risk to all potential audiences.
- Excellent interpersonal and facilitation skills, with the ability to provide a positive influence within a team and maintain trusted relationships across the firm, are essential.
- Strong stakeholder management skills & demonstrable experience of securing buy-in for ideas.
- Commitment to teamwork and able to demonstrate strong client relationships.
- Experience in building and managing relationships across a wide stakeholder base.
- Sound written and verbal communication skills (formal training desirable).
- Confidence in dealing with senior individuals in and beyond the firm, and tenacity in following up and getting things done.
Desirable qualifications & experience
- Educated to degree (2.1 or higher) level (preferred but not essential).
- Administrator level experience of data loss prevention, particularly the Symantec DLP solution.
- Formal project management qualification (e.g. PRINCE2).
- Appropriate technology expertise, including relevant security technologies such as DLP, CASB and encryption, is highly desirable.
This is a premier opportunity to work for an organisation which prides itself on Information Security and is looking to invest in the right individuals to continue this. Please send your CV through to Omarion Blackman for more details.