Information Security GRC Manager

Description

• Responsibility for the smooth running of the Information Security Management System: governance, risk management, remediation activities.
• Responsible for maintaining Information Security policies are reviewed annually and updated in line with regulatory, business transformation or other outside factors
• Work with the business areas to ensure good practices, including documented procedures

• Where necessary, provide cover and assistance to the Head of Information Security managing the team

• Re-evaluate policies, procedures, process and standards to ensure documentation is consistent, and recommend improvements

• Maintain the 3rd party Information Security review schedule, provide guidance where necessary to junior members

• Manage Moneycorp’s Information Security Training and Awareness programme

• Responsible for ensuring daily tasks, collation of KPIs and RPIs, and managing ticket queue within SLAs

• Review new and existing services with an Information Security lens, highlight any gaps and provide recommendations

• At least 5 yrs Experience in an information or IT security related role within a financial or regulated firm
• Fully understand security concepts such as identity access management, defence in depth, least privilege, resilience (technical & operational), segregation (networks & duties), cloud security (shared responsibility)
• Comfortable with responding to regulatory compliance and auditors’ queries
• Have conducted Information Security risk assessments and managed mitigation strategies
• Understanding SWIFT CSP, and operational resilience frameworks
• Knowledge of implementing and managing ISO27001:2022 Information Security Management Systems
• Familiar with: SOC2 Type II, NIST CSF, PCI DSS and NCSC guidance Familiarity with Data Protection and Financial regulations i.e. GDPR, FCA regulations, PRA guidelines, UK Data Protection Act, DORA

• Technically astute, understands technical risks to the business and can provide clear risk assessment analysis to the business. Able to challenge where risks are outside of tolerance in an evidenced led, logical and methodical.
• Network Security & Protocols – Deep understanding of TCP/IP, firewalls, VPNs, IDS/IPS, and secure network architectureand browser filtering technologies
• Vulnerability Management – Have used vulnerability management tools, provide analysis
• Email – understands email delivery, and controls i.e. tracing, analysing, filtering, DMARC, SPF, DKIM
• Cloud Security – Knowledge of securing Azure or AWS, including IAM, encryption, and monitoring (Sentinel experience beneficial) and understand the principles of the Shared Responsibility Model
• Data Protection & Encryption – Understanding of cryptographic protocols and secure data handling practices
• Investigations – have conducted highly confidential investigations (DSARs) using tools to conduct searches and collate evidence e.g. Search email systems, Teams
• Experience in Information Security Awareness and Training, phishing simulations, managing online training (CBT), providing content for awareness
• Scope and manage Penetration Tests, analysing the findings
• Able to mentor junior members of the team
• Attention to Detail – Critical for monitoring logs, reviewing configurations, and writing formal documentation
• Analytical Thinker – Ability to assess complex systems and identify potential risks and vulnerabilities
• Ability to disseminate documentary evidence to provide objective analysis
• Communicating and documenting user reported security problems and incidents
• Keeps up to date with the latest Information and Cyber news, threats and incidents
• Previous experience working in a Global diverse organisations
• Appreciate when to escalate issues upwards

• BSc/MSc in Information Security, computing, science, technology, engineering or mathematics (STEM) subject or suitable alternate experience
• Must have obtained a known security qualification; acceptable certifications from ISC2, ISACA, GIAC or EC-Council. e.g. CISSP, CISM, CRISC or CISA preferable
• Must have either ISO27001 Certified ISMS Lead Implementer or Lead Auditor

• English

• A passion for cyber security and a keen interest in IT
• Highly motivated, responsible, reliable and organised individual able to use own initiative, manage own time and workload and an excellent attention to detail.
• Capable of developing a strong working relationship with peers to encourage good security practices
• Collaborative and team-oriented, flexible attitude, adhering to a high standard of ethical behaviour

You can also find Moneycorp onFacebook,Twitter UK,Twitter Americas,Instagram,LinkedIn, where you can discover how we are leading the way in global payments and currency risk management