ABOUT THIS ROLE
Our client is a leading financial services provider in the consumer loans sector. They are bringing new products to the marketplace and are looking to scale their teams within information security, and are looking for a Team Lead. They operate a hybrid working model and this person would need to be in the office approximately 40% of the time.
This individual will be responsible for line management of a multi-discipline team of circa 8 HC and will have solid knowledge of information security as well as risk management practices and methodology.
To be responsible for setting the IRM vision and strategic direction for the business and for implementing a comprehensive control framework and improvement programme, including people, processes and technology. This will include ensuring that the policies, standards, governance and oversight are implemented appropriately within the new product environment and that the resulting capability is scalable and defensible for planned future business demand.
- Responsible for the Data Protection strategy across the business, working closely with the Group DPO
- Develop a clear strategy and roadmap with regards to Information Risk Management
- Educate the executive and management team on their roles and responsibilities with respect to Cyber Security, the importance of ongoing evolution of Cyber Security and Data Privacy capabilities and establish a security-conscious culture across the business
- Develop capabilities within the team to partner with and improve our security posture with 3rd party service providers within the Security Operations Centre (SOC)
- Educate teams to ensure the business stays ahead of, and aware of, changes and updates to Regulatory and Compliance requirements in respect of Cyber Security and Data Privacy
- Ensure our Information Risk Management position meets our customers’ data security expectations and evolves to protect our business from the ever-changing threats to the confidentiality, integrity and availability of customer data
- Lead the team to support and drive the achievement of Balanced Scorecard Performance Measures and identify areas of improvement to drive performance.
- Lead the collection and production of the Information Risk Management scorecard metrics
- Develop plans for Information Risk Management improvements and budgets and manage costs within the IRM portfolio
- Ownership and delivery of the IRM strategy including anticipating future challenges
- Oversight of adherence to the PCI DSS scheme in a way that ensures the business is not in breach of regulation.
- Provide specialist input into strategic planning, providing evaluations of risks and solutions in order to drive continuous improvement
- Develop and maintain a policy framework for IRM and evidence the periodic review of policies in line with acceptable standards (in line with the ISO27000 framework and standards)
- Overall responsibility for Information risk management including development and implementation of appropriate governance and risk frameworks aligned to best practice and regulatory obligations
- Ownership and delivery of IRM Audit and IRM Risk portfolios
- Embed Information Security practices into Change activities, ensuring all new and enhanced services are within the company's risk appetite.
THE IDEAL CANDIDATE
- Strong Risk Management methodology knowledge and application
- Previous experience of working in Financial Services
- Recent experience of working in an FCA regulated business
- Team management experience
- An analytical thinker who is able to interpret MI/BI and use it for sound decision making
- Excellent communication skills (written and verbal) with the ability to influence, negotiate and constructively challenge at all levels
- Ability to deputise for IT Director when required
- Understanding of corporate governance frameworks
- PC literacy, including middle-management-level use of MS Office (Word, Excel, PowerPoint)
- Proven ability to plan and organise work effectively and prioritise deadlines whilst working at a fast pace
Education – Must hold one of the below
- Certified Information Systems Security Professional (CISSP) – preferred
- CISM – preferred
- Certified Chief Information Security Officer (CCISO)