Overview
IT Security Manager
Our Client is a large international organisation that is looking to recruit an IT Security Manager with at least 5 to 8 years' proven expertise.
The role provides advice, support and guidance to all Company Corporate functions to assist them in maintaining and improving their information security maturity, and works collaboratively with all areas of the Company Corporate to build networks and relationships that promote Information Security.
Responsibilities
- Act as subject matter expert on IT Security, including legal and regulatory compliance.
- Advise Company Corporate functions on how to achieve the required controls and assist with solutions to support them, e.g., support in the development of standards and their application in line with Group security policies.
- Participate in Company BUs' projects, providing support, guidance, control validation and overall security assurance. This could also involve sitting on major project steering committees.
- Support and encourage the ethos and methodology of security by design.
- Aid GRC to build, implement and facilitate a mechanism to help BUs assess and measure their security compliance with policies.
- Drive the development of BU/Divisional security roadmaps, giving oversight of key non-conformities to feed into the CISO roadmap.
- Coach, train and educate the Company IT and Functions to upskill and increase security maturity in BUs.
- Be an active member of the Company's IS Security community, contributing to and leveraging the experience and lessons learned from other BUs.
- Produce, implement and standardise protocol and guidance material to support Business Unit activities (examples: Asset register templates, third party due-diligence).
- Facilitate and chair the security working group meetings.
- Engage and manage third party relationships to support the Company and its affiliates.
- Aid Procurement and the tendering process.
- Raise the security baseline controls and standardise where it makes sense to do so.
- Understand the different business requirements and align to their objectives.
Security Awareness & Operations
- Support Security operations to continuously improve information security awareness across the group, including phishing campaigns and associated reporting.
Experience & Qualifications
- Experience in an information security risk leadership role within a large organisation.
- Confident in presenting, discussing and championing ideas and concepts with senior stakeholders.
- Experience of running information security risk governance processes and structures.
- Familiarity with relevant industry standards for information security (e.g., ISO27001, NIST CSF).
- Experience of creating, implementing and assessing against information security policies and standards.
- Able to analyse complex, ambiguous problems and summarise clearly with a view to establishing practical solutions.
- Able to bridge the gap between technologists and business-people, bringing information security risks to the business while maintaining a pragmatic outlook on likelihood, impact, and mitigation costs.
- Ensuring initiatives/programmes are anchored in best practice whilst remaining practical and pragmatic.
- Ability to defuse situations and resolve conflict to a win-win outcome.
- Influence others to understand their views and agree ways of working acceptable to all parties.
- Business acumen to understand business risks and the information security implications.
- Able to identify when information security risks should be escalated for appropriate management visibility.
- Able to prioritise security risks and controls, differentiating essential from nice-to-have.
- Able to communicate messages to maximise buy-in and understanding.
- Able to analyse data with rigour and reach sound conclusions.
- Capable of assessing when further data gathering or analysis will bring diminishing returns and weigh prevailing evidence accordingly.
- Support and manage budget.
Additional Responsibilities
- Responsibility for information security incident management.
- Responsibility for security assessments and assurance activities (e.g., penetration testing) and guidance on when to use them.
- Oversee and manage security compliance management and reporting related to relevant regulatory or legal requirements.
- Operational responsibility for management of third parties.
- Responsibility for managing change management around projects and change leadership.
- Able to judge political and people aspects of situations and tailor messages to bring people along.
- Able to work with others, set challenging but realistic targets for team members, and guide toward successful outcomes.
- A positive collegiate approach to developing relationships and networks across the Company with gravitas to work persuasively with senior stakeholders.
- Is aware of different styles of stakeholders and can adjust leadership style accordingly.
The Client and the role are based in Central London – you will be required to be in the office at least 3 days a week.
The salary for this position will be £75K to £85K plus benefits.
Please do send your CV to us in Word format for this exciting new position along with your salary and availability.