Cyber / Info Security Strategist/Consultant - Architect - Leeds 674

60,000 plus 10% bonus and benefits + free parking

Here we have a brand-new LEAD Information / Cyber Security vacancy, based in Leeds.

Position: Lead Information / Cyber Security Officer

Size of team: 15 FTE's

Salary: 60k & added bonus 10% + other % benefits

Key Stakeholders: Heads of Departments, Directors, CIO

Main purpose of job

As a key member of the Information / Cyber Security team, the Lead Information / Cyber Security Officer will be engaged with the business and provide consultative and specialist services to assist and improve its information security posture ensuring secure business processes and delivering secure services to clients and consumers. You will be the subject matter expert for the business function(s) and will be responsible for ensuring policy is embedded within working practice, risk assessing relevant projects, 3rd parties and key assets with a preventative risk mindset. You will have a good understanding of the key assets, processes and the current / emerging threat landscape, ensuring risks are identified and managed with appropriate best practice controls and measures.

Key responsibilities

1. Implementation of the Information / Cyber Security strategy and measurement of progress through performance metrics.
2. Contribute to the development of policies, standards and guidelines and ensure these are embedded within the business.
3. Contribute to the development of awareness and training programmes and assist with delivery to staff and the Information Governance Coordinator community.
4. Provide a preventative risk management service through risk assessing and supporting higher risk projects / initiatives / procurement from the earliest stage.
5. Provide subject matter expertise and guidance to leadership and staff across the group.
6. Ensure information security incidents are reported, managed and remediated in a timely manner.
7. Ensure exceptions to policy or part of a policy are recorded, assessed and managed.
8. Support the Sales process for reviewing, assessing and responding to information security requirements in new contracts.
9. Support client, consumer and regulatory compliance reviews and activities.
10. Provide regular reporting of the information security status for stakeholders.
11. Contribute to the functional responsibilities of the Information / Cyber Security operation.
12. Any other duties commensurate with the role.

Functional expertise/main job related skills

1. Enterprise-wide knowledge of Information security, Information governance, Information Security risk management and Data Protection within the finance business sector.
2. A good understanding of technical security processes, cloud services and secure software development and testing.
3. Identifying, assessing, reporting and mitigating information security risks within business processes and personnel engagement, projects, systems, 3rd party and client engagements and physical / operational environments.
4. The ability to develop and leverage strong relationships with internal and external stakeholders (managers, clients, regulators and suppliers).
5. A good understanding of agencies and specialist forums to leverage threat landscapes and Information Security best practice eg: ENISA, NIST, ISF (Information Security Forum).
6. Delivering credible engagement with business and technology functions and stakeholders.
7. Effective written and verbal communication (procedure documentation and management reporting).
8. Project Management and problem solving / troubleshooting (technical and management).
9. Self-motivated and able to work independently / without supervision (manage own workload); and
10. Collaboration (effective team player).

Required experience

1. Demonstrable work experience within business focused Information Security Management System environments.
2. Knowledge of industry standards: ISO 27001; PCI DSS; ISO31000; and ITIL.
3. Ensuring previous compliance to the Data Protection Act 1998 and contributing to the planning and preparation for GDPR.
4. Either a recognised Information Security qualification, or working towards a relevant certification (e.g. CISA, CISM, CISSP, CRISC, ISO 27001 Lead Auditor Certification, and / or Membership of the Institute of Information Security Professionals), or commensurate experience.
5. Outsourcing and Cloud service provision including eg: PaaS, SaaS, IaaS.
6. Understanding of SIEM, IDS / IPS, Vulnerability Scanning / Penetration Testing, Mobile Device Management.