Information Security Officer
Posted on Apr 22, 2020 by Barclay Simpson Recruitment
Financial services firm seeking an Information Security Officer responsible for the implementation and development of policies and processes. The successful candidate will act as a focal point for security issues for the business lines of the bank operating in the UK and will develop security training and awareness. The purpose of the job is to analyse and audit system configuration and maintain policies and procedures in order to mitigate information security risks. This includes assessing technical security risks, identifying potential security weaknesses, defining and implementing security controls, and ensuring conformance with global information security policies and standards.
- Maintaining and assisting with the development of the Information Security Policy and supporting set of policies, ensuring appropriate authorisation, commitment and endorsement from senior IT and business management
- Working closely with other Business Line and Central Security functions and personnel to develop effective education and awareness of security at all levels
- Developing and documenting procedures for operating and maintaining security controls
- Assisting with business impact analyses, performing security risk analysis and risk management
- Leading security assurance activities to assess the effective implementation of operating systems and controls
- Acting as deputy for all security breaches and handling security incidents, taking remedial action to prevent recurrence wherever possible
- Participating in security reviews arising from security breaches and instigating remedial actions
- Reporting, analysing, and reducing the impact and volumes of all security incidents in conjunction with Problem Management
- Ensuring that the confidentiality, integrity, and availability of the services are maintained at the levels agreed in the SLAs and that they conform to all relevant statutory requirements
- Monitoring and maintaining internal access control procedures
- Process improvement and reporting
- Reviewing and investigating Event Monitoring reports
- Working with IT line managers at all levels to ensure they are enacting their specific security responsibilities.
As an ideal candidate, you will have an industry certification such as CISSP/CISM/CRISC and have expert knowledge of technical and non-technical Information Security. You will also have a proven track record of delivery in a similar role. Experience in Financial Services is highly advantageous.