A leading global Asset Management company is looking for a high calibre to join as a regional manager as an interface between the CISO's strategic and process-based activities and the work of the technology-focused analysts, engineers and administrators.
- Work with the CISO to develop a security program and security projects that address identified risks and business security requirements
- Contribute the process of gathering, analysing and assessing the current and future threat landscape, as well as providing the CISO with a realistic overview of risks and threats in the enterprise environment
- Work with the CISO to develop budget projections based on short- and long-term goals and objectives
- Monitor and report on compliance with security policies, as well as the enforcement of policies within the IT department
- Manage staff: information security professionals, hire and train new staff, conduct performance reviews, and provide leadership and coaching, including technical and personal development programs for team members
- Manage regional security issues and incidents, and participate in problem and change management forums
- Work with various regional stakeholders to identify information asset owners to classify data and systems as part of the Information Security Strategy control framework implementation
- Serve as an active and consistent participant in the global information security governance process.
- Work with the CISO and IT and business stakeholders to define metrics and reporting strategies that effectively communicate successes and progress of the security programme
- Consult with regional IT and Global Enterprise Architect to ensure that security is factored into the evaluation/design, selection, installation and configuration of hardware, applications and software.
- Support the CISO with the regional implementation of technical controls to support and enforce defined global security policies.
- Exceptional knowledge and experience across cyber security, information security and operational risk including in several of the following areas: Access Management, Vulnerability Management, Endpoint Security, Malware Prevention, Threat Detection & Response, Information Classification, Security Culture, Encryption and Systems Security
- Experience in interpreting and implementing legal and regulatory requirements for cyber/information security
- Proven track record of end to end delivery of a range of security projects, processes and solutions
- Demonstrated understanding of physical, personnel and IT/cyber security (including network security)
- Solid understanding of security architecture, administration and operating systems
- Experience of working with external service providers both in service provision and supplier security due-diligence
- Be certified to, or working towards a recognised security qualification e.g. CISSP, CISM or CRISC