Information Security Officer

Posted 16 June 2023
Salary £95000 - £130000 per annum + Bonus
Location City of London
Job type Permanent
Discipline Financial Crime & Fraud
Reference 4545
Contact Name Ashleigh Phipps

Job description

London or Southampton location:

Group Information Security Officer

The Group Information Security Officer (Group ISO) plays a pivotal role in upholding the confidentiality, integrity, and availability of sensitive information and systems. This multifaceted role involves risk communication to senior management, development and enforcement of robust security policies and procedures, and ensuring compliance with regulatory requirements. Additionally, the Group ISO collaborates with various departments, manages security tools, conducts awareness campaigns, addresses client due diligence inquiries regarding cyber defense systems and business continuity, and oversees the reporting of cyber-related incidents.

Key Result Areas:

  1. Security Policy Oversight: The Group ISO is tasked with maintaining and enforcing the organization's Information Security Policy and Acceptable Use Policy, ensuring active adherence. These policies serve as the cornerstone of the organization's security posture, defining the guidelines and standards that all employees must follow.

  2. Client Due Diligence Management: A critical aspect involves managing client due diligence questionnaires related to cyber and business continuity planning and processes, requiring a comprehensive understanding to provide accurate responses. This client-facing role reflects the commitment to transparency and security when interacting with external parties.

  3. Security Tool Management: The Group ISO oversees all security tools deployed across the global network of the organization, ensuring their effectiveness, regular maintenance, and alignment with evolving security needs. Effective management of these tools is crucial to proactively identify and mitigate potential threats.

  4. Coordination with Third-party Providers: Collaboration with third-party providers supporting cyber defense platforms is essential, involving the establishment and maintenance of effective relationships. The organization's security often relies on external partners, making effective collaboration and oversight a vital responsibility.

  5. Compliance Assurance: The Group ISO oversees information security and IT controls, including relevant compliance standards, to maintain regulatory compliance, and conducts regular audits and assessments to verify adherence. Ensuring compliance with industry standards and regulations is not only a regulatory requirement but also a fundamental aspect of maintaining the organization's reputation.

  6. Independence and Objectivity: Operating independently of the organization's daily operations and business functions allows for impartial evaluation and implementation of security measures. This independence ensures that security decisions are made objectively, free from conflicts of interest.

  7. Information Security Advisory: Serving as a trusted advisor to the organization, providing guidance and expertise on information security matters, supports informed decision-making. This advisory role helps the organization navigate complex security challenges effectively.

  8. Education and Awareness: Fostering a security-conscious culture is a top priority. The Group ISO is tasked with developing and executing an education and awareness program for the entire organization and its employees. This educational role is critical in ensuring that all employees understand their role in maintaining security.

Requirements:

Essential:

  • Qualifications: The ideal candidate should possess a degree in Computer Science or a related field. A strong educational background in a relevant field provides the foundation for understanding complex security concepts.

  • Information Security Qualification: Holding or actively pursuing a recognized information security qualification, such as the Certified Information Systems Security Professional (CISSP), is crucial. This qualification demonstrates a commitment to ongoing professional development and expertise in the field.

  • Experience: A minimum of four years of experience in the information security and cyber security field is mandatory. Experience is vital for understanding the nuances of security threats and risk management.

  • IT Knowledge: A solid understanding of information technology concepts and processes is essential. This knowledge enables the Group ISO to effectively communicate with IT professionals and understand the technical aspects of security tools and systems.

  • Outsourcing Experience: Proficiency in working with outsourced third parties is a valuable asset. In an interconnected world, many organizations rely on external partners, making experience in managing these relationships critical.

Desirable:

  • Security Management Platforms: Experience with relevant Information Security Management platforms strengthens the candidate's suitability for the role. Proficiency in using these platforms can streamline security management processes.

  • Firewalls and AI: Proficiency and knowledge in firewalls and AI-based security monitoring systems are advantageous. These technologies are at the forefront of modern cybersecurity and can enhance the organization's defenses.

  • SIEM Systems: Familiarity with Security Information and Event Management (SIEM) systems can enhance the candidate's capabilities. SIEM systems play a crucial role in detecting and responding to security incidents.

In summary, the Group Information Security Officer plays a vital role in ensuring the organization's security and compliance. By maintaining and enforcing security policies, ensuring compliance, coordinating with various stakeholders, and fostering a security-conscious culture, the Group ISO contributes significantly to upholding security standards and promoting organizational integrity.