Information Security Governance …

Holmes Search
in London, England, United Kingdom
Permanent, Full time
Last application, 30 May 20
£65k-£85k
Posted by: Recruitment Consultant
You will be part of the Risk and Compliance Team and work closely with the Information Security Team, playing a critical role in promoting, embedding and validating the effectiveness of the security controls specified by the Information Security Team, as well as wider business and compliance controls. The role requires a solid technical background and a pragmatic approach to policy enforcement across all business units. As the face of security and compliance, you will be responsible for building trust and credibility with various teams.

Duties
● Promote and embed security controls in line with the information security programme.
● Promote and embed wider non-security controls in line with the legal, regulatory and contractual agreements.
● Good understanding of major certifications and standards (ISO27k, SOC2).
● Good understanding of data privacy regulations (GDPR).
● Develop methodologies to test and validate control effectiveness for security and non-security controls.
● Design and produce metrics and KPIs to measure controls maturity
● Drive IT vulnerability remediation process
● Manage data security classification and protection process
● Conduct third party assessments
● Undertake a programme of activities to, where possible, automate controls

Requirements

Essential
● Able to multitask and quickly switch between technical and non-technical contexts
● Familiar with ISO 27001-27002 and NIST 800-53 security controls requirements
● Experience with data privacy requirements and data flow management
● Familiar with Linux, Mac, and OSS software
● Experience in privileged access management
● Experience of working in, or closely with, a financial services compliance team
● Excellent interpersonal skills

Desirable
● Enterprise GSuite security management experience
● Knowledge of Secure Web Filtering & Data Loss Protection tools
● Experience with administering Mobile Device Management
● Experience with Cisco devices and network management tools
● Familiar with Zero Trust networks and related security concepts
● Compliance qualifications
● Knowledge of risk based control design
