At a Glance
- Tasks: Lead the charge in safeguarding our client's information through strategic security measures and compliance.
- Company: Join a prestigious private bank in London, committed to excellence in financial services.
- Benefits: Enjoy a dynamic work environment with opportunities for professional growth and development.
- Why this job: Make a real impact on information security while collaborating with diverse teams in a fast-paced setting.
- Qualifications: Bring 5+ years of info security experience and a relevant degree; certifications like CISA or CISSP are a plus.
- Other info: Ideal for tech-savvy individuals passionate about cloud security and risk management.
The predicted salary is between £43,200 and £72,000 per year.
On behalf of our client, a private bank in London, we are seeking to recruit an Information Security Officer.

Job purpose
The Information Security Officer is responsible for providing information security strategies, aligned with business needs, that ensure the confidentiality, integrity, and availability of the Bank’s information by establishing and implementing an information security program in line with regulatory requirements.

Key responsibilities
- Collaborate with IT and operational teams on the security measures to be integrated into business processes.
- Serve as an advisor to business units on security-related issues and initiatives.
- Perform Second Line project oversight activities in the evaluation of information security risk for new product, system and other material change projects.
- Supervise information security projects initiated by the business and/or Group ISO.
- Assist in the development, review, and maintenance of information security policies, standards, and procedures. Ensure that policies are communicated effectively across the organization.
- Develop and implement security awareness programs to educate staff on information security best practices. Conduct regular training sessions and workshops to enhance the organization’s security culture.
- Maintain comprehensive documentation of security activities, assessments, and incidents. Provide regular updates and reports to the Information security management meeting (ISMS).
- Manage the internal and external information security requirements. Coordinate with stakeholders to meet the internal and external regulatory cyber security requirements.
- Direct an ongoing, proactive information security program for all new and existing systems, aligned to business requirements.
- Support performance of annual budgeting and planning for information security requirements.
- Determine security requirements by evaluating business strategies and requirements for cloud-based solutions.
- Support the vulnerability management and security testing program to meet compliance and security requirements as per schedule.
- Liaise with IT and establish remediation plans for vulnerabilities and issues identified through various security assessments (VA, PT, Third Party Assessments etc.).
- Align with Group ISO in implementing group security strategy for the entity.
- Liaise with the Group Information Security Office (GISO) to align IS requirements compliance/adoption.
- Take responsibility for information security incident management and response; prepare security reports by collecting, analyzing, and summarizing data and trends with support of Group ISO.
- Coordinate with vendors for evaluation of new technologies and conduct proofs of concept.
- Perform security assessment of application, vendor, cloud and third-party assessment.
- Take responsibility for the third party security program to manage potential supply chain security risks.
- Work with Cloud Security in AWS, Azure, Google or other for defining and designing the security controls for business solutions in cloud environment.
- Contribute to the evaluation, recommendation, and implementation of cloud security controls in line with emerging cloud technologies and practices across group entities.

Work Experience
- Working knowledge of banking and securities products and services.
- Excellent experience and understanding of Information Security, Technology and Cyber Risk management and the required application of these risk domains within the financial services industry.
- Experience working in a cross-functional environment.
- Good understanding of the interdependencies between other non-financial risk domains and wider Operational Risk practices.
- Proven and demonstrable ability to identify, analyse, understand and concisely communicate Technology and Cyber risk, and provide the ‘so what?’ to articulate impact.
- Understanding and experience of the Audit and Assurance lifecycles within a regulated financial institution.
- Strong technical and functional knowledge of external Laws, Regulations, Policies and developments applicable to the Technology, Information Security and Cyber function.
- Solid technical and functional knowledge of financial services internal rules and policies.
- Experience with development and implementation of a comprehensive and broad set of security controls for cloud infrastructure and DevOps.
- Demonstrable experience of leveraging best practice and industry standards to uplift framework, process and procedure.
- Good understanding of the overall operational processes and technology challenges within the financial services industry.
- Understanding of the Accountabilities, Roles and Responsibilities across Technology and Cyber Security functions.
- Ability to facilitate clear and effective communication between organisational functions and business units both locally and internationally.

Skills and Experience
- Bachelor’s degree or equivalent in Information Technology
- 5+ years information security experience
- CISA, CISM, CISSP, ISO27001 or equivalent
- Technology and Cyber Governance Risk and Control Frameworks
- Hands-on experience in cloud security and responsibility models for different cloud architectures
- Knowledge of cloud security frameworks
- Understanding of technology reference architectures of leading cloud service providers like Azure, AWS, Google etc.
- Risk, Issue and Event Management
- Control Testing and Risk and Control Self-Assessment
- Technology, Cyber and Information Security Best Practices
- Threat and Vulnerability Detection and Management
- Cyber and Ransomware Incident Detection, Response and Remediation
- Information and Data Governance Principles
- Information security Risk Governance and Escalation
- Audit and Assurance
- ISO 27001 / NIST / COBIT

Personal Requirements
- Strong team player with the ability to communicate and collaborate with business stakeholders.
- Clear and concise written and oral communication.
- Excellent accuracy and very strong attention to detail.
- Good time management and ability to prioritise.
- Strong analytical and problem-solving skills.
- Excellent Microsoft Office skills.
Information Security Officer employer: Marlin Selection Recruitment
Contact Detail:
Marlin Selection Recruitment Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land the Information Security Officer role
✨Tip Number 1
Make sure to familiarize yourself with the latest trends and regulations in information security, especially those relevant to the banking sector. This knowledge will not only help you during interviews but also demonstrate your commitment to staying updated in a rapidly evolving field.
✨Tip Number 2
Network with professionals in the information security field, particularly those who work in financial services. Attend industry conferences, webinars, or local meetups to build connections that could lead to job opportunities or valuable insights about the role.
✨Tip Number 3
Prepare to discuss specific examples of how you've managed information security risks in previous roles. Be ready to articulate your experience with cloud security and compliance frameworks, as these are crucial for the position.
✨Tip Number 4
Showcase your ability to communicate complex security concepts clearly to non-technical stakeholders. This skill is essential for an Information Security Officer, as you'll need to advise various business units on security-related issues.
Some tips for your application 🫡
Tailor Your CV: Make sure to customize your CV to highlight your relevant experience in information security, especially in the financial services industry. Emphasize your knowledge of compliance, risk management, and cloud security.
Craft a Strong Cover Letter: Write a compelling cover letter that outlines your passion for information security and how your skills align with the responsibilities of the Information Security Officer role. Mention specific experiences that demonstrate your ability to manage security risks and collaborate with cross-functional teams.
Highlight Relevant Certifications: Include any relevant certifications such as CISA, CISM, CISSP, or ISO27001 in your application. These credentials are crucial in demonstrating your expertise and commitment to the field of information security.
Showcase Communication Skills: Since the role requires clear communication with various stakeholders, provide examples in your application that showcase your ability to convey complex information effectively, both in writing and verbally.
How to prepare for a job interview at Marlin Selection Recruitment
✨Understand the Regulatory Landscape
Make sure you are well-versed in the relevant laws, regulations, and compliance requirements that govern information security in the financial services industry. This knowledge will help you demonstrate your expertise and ability to align security strategies with business needs.
✨Showcase Your Technical Skills
Be prepared to discuss your hands-on experience with cloud security and various security frameworks. Highlight specific projects where you've implemented security controls for cloud infrastructure, as this is crucial for the role.
✨Communicate Effectively
Since the role requires collaboration with IT and operational teams, practice articulating complex security concepts in a clear and concise manner. Use examples from your past experiences to illustrate how you facilitated communication between different stakeholders.
✨Demonstrate Problem-Solving Abilities
Prepare to discuss scenarios where you've identified and managed security risks. Be ready to explain your analytical approach to problem-solving and how you prioritize tasks in high-pressure situations, especially in relation to incident management and response.