Information Security Governance …

Holmes Search
in London, England, United Kingdom
Permanent, Full time
Last application, 30 May 20
Posted by:
Recruitment Consultant
You will be part of the Risk and Compliance Team and work closely with the Information Security Team, playing a critical role in promoting, embedding and validating the effectiveness of the security controls specified by the Information Security Team, as well as wider business and compliance controls. The role requires a solid technical background and a pragmatic approach to policy enforcement across all business units. As the face of security and compliance, you will be responsible for building trust and credibility with various teams.

● Promote and embed security controls in line with the information security
● Promote and embed wider non-security controls in line with the legal, regulatory and contractual agreements.
● Good understanding of major certifications and standards (ISO27k, SOC2).
● Good understanding of data privacy regulations (GDPR).
● Develop methodologies to test and validate control effectiveness for security and non-security controls.
● Design and produce metrics and KPIs to measure controls maturity
● Drive IT vulnerability remediation process
● Manage data security classification and protection process
● Conduct third party assessments
● Undertake a programme of activities to, where possible, automate controls




● Able to multitask and quickly shift between technical and non-technical contexts
● Familiar with ISO 27001-27002 and NIST 800-53 security control requirements
● Experience with data privacy requirements and data flow management
● Familiar with Linux, Mac, and OSS software
● Experience in privileged access management
● Experience of working in, or closely with, a financial services compliance team
● Excellent interpersonal skills

● Enterprise G Suite security management experience
● Knowledge of Secure Web Filtering & Data Loss Protection tools
● Experience with administering Mobile Device Management
● Experience with Cisco devices and network management tools
● Familiar with Zero Trust networks and related security concepts
● Compliance qualifications
● Knowledge of risk-based control design