Job Purpose Statement:
Function as the local point of contact and information security subject matter expert for business change and Information security initiatives being delivered across EMEA and APAC. This role will ensure security is emedded in projects and deliverables meet production acceptance cirteria prior to production implementation.
Role Responsibilities:
- Serve as a security expert on change programmes, providing guidance and support to enable change delivery teams to comply with enterprise and technology security policies, industry regulations and best practices.
- Identify appropriate security requirements, through a deep understanding of the business requirements and security control environment for each phase of a project or change initiative.
- Analyse security needs based on the sensitivity or proprietary nature of the data, business and technology functional and non-functional requirements, and work with the appropriate teams to develop and execute new or existing security technologies or processes as required.
- For the global and local delivery teams - ensure all stakeholders are aware that global and local requirements are met, with the skillset to influence change at all levels.
- Conduct risk analysis and contribute to the prioritisation of information security initiatives based on risk and business need.
- Weigh business needs and security concerns, make recommendations and clearly articulate options (including benefits and risks) to business partners, decision makers and key stakeholders.
- Communicate known security risks and solutions to mitigate risks to business and technology partners as needed.
- Ensure solutions are fully integrated into business-as-usual activities.
- Ensure systems are incorporated into the local service catalogue.
- Ensure regional KPI's and KRI's are defined and delivered.
- Maintain current expertise in information security technology, methodology, tools, threats/vulnerabilities, news and regulatory changes, emerging security trends, issues and threats.
- Work with Project Management to ensure that projects have met all Security / Production acceptance criteria prior to design, and implementation into production.
Key Capabilities:
- Knowledge of managing policies and events within Data Leakage Prevention solution
- Working and hands-on knowledge of Security Information & Event Management (SIEM) systems.
- Experience working with Identity and Access Management (including Privileged Account Management)
- Good understanding and demonstrated operational ability of IT Security Operations, Malware analysis, Advance Persistent Threat (APT), Cyber Threat etc
Essential:
- InfoSec experience in a mature security environment
- Good all round technical knowledge of Applications, Databases, and Infrastructure
- Excellent understanding of project management lifecycle and methodologies
- Strong stakeholder management, persuasion & influencing skills at all levels
- Security knowledge / background essential (CISSP or similar)
- Able to work independently and manage own workload
- Well organised / analytical & logical approach, with attention to detail
- Able to demonstrate "pragmatism with principle", i.e. blend a rules-based-approach with an ability to 'read' - and to act in accordance with - the organisation's implicit risk tolerances
- Flexible and reliable team player
Desirable:
- Experience of a complex, multi-platform environment, preferably in financial services sector
- ITIL Managers or foundation certificate desirable
- Exposure to risk management methodologies
Eames Consulting is acting as an Employment Business in relation to this vacancy.
