Chief Information Security Officer

Our client, a large UK retail bank, are looking for a Chief Information Security Officer to join the business. This role will be based out of the offices in Solihull and candidates will be required to work in the office 50% of the working week.

Job Purpose

  • Provide comprehensive advice, guidance and leadership to the Board relating to all Information Security obligations.
  • Lead, design and develop the Information Security strategy and plan across the group.
  • Install the appropriate controls, governance and culture to protect group information assets.
  • To adhere to the COCON Code of Conduct as set out by the FCA and described in the Group Compliance Manual.
  • To adhere to the applicable Senior Managers and Certification Regime requirements of the FCA and PRA.

Key Responsibilities

  • Develop and deliver an Information Security strategy and plan across all areas of the group
  • Establish, maintain and monitor the information security governance and framework in order to provide assurance to the Board, Executives and Regulatory Authorities
  • Ensure that the required security controls are designed and operating effectively and designated executive managers are performing within clear defined accountabilities
  • Undertake risk assessments and identify emerging Information Security trend analyses, corporate risk appetites and regulatory requirements to develop recommendations for the mitigation of potential weaknesses in Information Security technology solutions and business practices
  • Report and communicate to Executive Management the Information Security Risks ensuring that security controls have been implemented according to the identified security risk and that stakeholders are kept informed as to the security risks across the business
  • Ensure that Information Security employees are resourced, developed, managed and remunerated effectively in line with regulatory and Company requirements
  • Set the proper tone and example by empowering and supporting the Information Security function in their responsibilities
  • Lead, develop and deliver an Information Security awareness programme to provide a framework for enhanced end user awareness of Information Security best practices and policy requirements
  • Set corporate expectations for the behaviour of individuals and ensure that good practice for Information Security is applied effectively and consistently through appropriate policies and guidelines

Knowledge/Experience

  • Previous experience as a CISO preferable.
  • Proficient in industry standards and methodologies associated with information security, including ISO 27001/2, COBIT, PCI DSS
  • IT and Information Security, including in-depth understanding of associated technologies and architectures
  • Proven experience in Information Security with evidence of developing and managing successful information security programmes.
  • Developing successful IT and Information Security strategies and implementing/managing ISO/IEC standards
  • Experience working within a highly regulated industry essential - preferably FS (FCA, PRA)
  • Experience developing and managing internal business partner and supplier relationships at a senior level
  • Working with large scale IT out-sourcing
  • Managing IT governance within a Corporate environment
  • Experience with systems design and development from business requirements analysis through day to day management
  • Proven understanding of relevant national and international legislation including Data Protection Act, Computer Misuse Act, etc.

Qualifications

  • Educated to degree level/relevant professional qualification or able to demonstrate suitable level of experience.

Job Details

Company: TCC Group
Location: Solihull, West Midlands, England, United Kingdom
Employment Type: Full-Time
Salary: £100,000 - £130,000 per annum