Job Description

A global financial services brand is looking to hire a new Info Sec Manager to run their control assurance programme, working closely with the business and technology.

The purpose of this role is to develop an effective control assurance programme suitable for the organisation which will enable the Information Security function to identify, test and report on relevant controls which mitigate cyber risk. This includes reviewing prioritised Critical/High risk controls on a regular basis, supporting the EMEA Information Security Team by reporting and detailing control gaps and failings or providing assurance that controls are effective and working appropriately.

There will need to be close co-ordination with the other roles within Risk and Assurance as well as the technical members of the EMEA Information Security team. These relationships will help the prioritisation of control testing, using the asset control register to both identify the areas of focus and as a repository for reporting outcomes against each risk once controls are assessed.

This role will be responsible for managing the cycle of assessments, the review process and procedure, and co-ordination and communication with the business and relevant functions, and ultimately for reporting on the control environment posture for the region. This will also include the tracking of control status and any policy exemptions.

Experience

  • Experience as an information security professional working within industry, with proven experience developing, implementing, maintaining and leading an effective information security control assurance programme
  • Experience using a number of industry recognised information security frameworks
  • Strong stakeholder management skills, including technical members of staff and senior executives, including stakeholder negotiation and influencing
  • Experience performing security risk assessments and controls assurance activities
  • Experience assessing requirements against legal, regulatory and policy-control frameworks
  • Expert knowledge of the General Data Protection Regulation
  • Demonstrated ability to understand and analyse complex business processes and technologies to make sound recommendations to non-technical constituents
  • Experience interpreting and applying information security standards and frameworks (e.g., ISO/IEC 27001/27002, PCI-DSS, NIST Cybersecurity Framework, etc.) or attestation reports (e.g., SOC 1/2)
  • Use and knowledge of Governance, Risk and Compliance Platforms
  • Experience working in transformation or continual improvement programmes
  • Experience within the insurance industry or financial services preferred
  • Bachelor's degree or equivalent work experience
  • Certification such as CISM, CISA, CRISC, CCSP, CISSP or CIPP is a plus

If you are interested in this role, please apply below or contact the team for more information.

Eames Consulting is acting as an Employment Agency in relation to this vacancy.