Head of Information Security

22 Mar 2018
19 Apr 2018
Mary Worthington
Clearance Level: None / Undisclosed
Job Type

My financial services client, based in Leeds, is actively looking for a Head of Information Security on an initial 12-month contract basis. Ideally you will have extensive experience of building out a security capability in a highly regulated environment. You will be responsible for implementing strategy and integrating security into the wider business.

The Role

  • Building trust with internal and external clients, influencing via strategic relationships.
  • Operating as a strategic thinker and ally to the business.
  • Providing thought leadership on security execution and direction.
  • Providing Information Security as a professional service firm, with an associated business charging model.
  • Communicating with executive management to ensure support for the information security strategy and programme.
  • Setting security strategy, utilising internal and external expertise to support the development of a suitable strategy.
  • Overseeing and conducting risk management activities (risk assessment, gap analysis, business impact analysis, etc.) to help the business reach an acceptable level of risk and also maintain regulatory objectives.
  • Supporting the company to understand, define and follow an appropriate security risk appetite.
  • Overseeing the establishment, implementation and adherence to policies and standards that guide and support the terms of the information security strategy.
  • Advising and making recommendations regarding appropriate personnel, physical and technical security controls.
  • Participating in resolving problems caused by major security incidents and breaches.
  • Reporting appropriate security metrics to executive management across the group.
  • Taking responsibility for the management of the ISMS and assisting with the maintenance of ISO27001 accreditation.
  • Experience of building and running a highly effective, flexible security service model that protects businesses against the changing security landscape and supports compliance with external regulations and internal controls, such as ISO27001/ PCI DSS/ DPA/ GDPR/ FCA.