Chief Of Information Security

Berkshire, United Kingdom

Job Description


Our client is looking for a Chief Information Security Officer to lead the Company's approach to Information Security. From setting out strategy to implementing policies and processes, they drive the organisation to protect customer and business data/systems at all times.

Key Deliverables

  • Pragmatic risk mitigation: the jobholder will be pragmatic, balancing the need to reduce risks alongside the acumen to recognise the need to deliver exceptional service for customers, quickly and cost-effectively.
  • Compliant and secure: systems must be compliant and secure at all times and protect the Company's reputation as trustworthy with customer/sensitive data.
  • Continuous improvement: security threats evolve and so it is critical that the jobholder drives continuous improvement across the Company to ready it for future threats.
Key Responsibilities

Department Head / Director
  • Provide clear direction to the department, ensuring all colleagues understand the importance and value of their individual role in achieving the Company's mission and goals.
  • Ensure appropriate policies, procedures and work practices are implemented, understood, adhered to and maintained across the department including in accordance with any ISO or other certifications and with the Company's cultural values.
  • Plan and propose headcount and other resources to ensure the department produces the highest quality and most efficient work. Oversee talent acquisition activities to ensure adequate staffing at all times.
  • Devise, implement, review and maintain appropriate targets, objectives and other relevant performance measures across the department. Provide additional support where improvements are required.
  • Ensure appropriate training needs analysis and succession planning is in place across the department to identify personal development and training initiatives to meet future demands.
  • Build effective working relationships and processes with other relevant departments to ensure smooth operations across the entire Business.
  • Motivate, coach and develop the department's management team. Give regular constructive feedback and recognise good behaviour/performance. Proactively address areas of poor performance with the team and support them to improve.
  • Regularly meet with direct reports to set and review personal and team performance standards.
  • Provide weekly reports/updates on department activity and progress to management as required.
Processes, Policy and Security Measures
  • Act as Data Protection Officer (DPO) for the Group.
  • Create and implement an Information Security strategy which focuses on continuous improvement.
  • Identify ways to deliver Company objectives by reducing or eliminating Information Security-related risks, without introducing unnecessary process, costs or unrealistic expectations.
  • Manage global Information Security policies, processes, procedures and guidelines.
  • Implement policies, processes and procedures which maintain confidentiality, integrity, availability and accountability, and which fully protect our systems and assets.
  • Fully manage, investigate, report on and fix the root causes of Information Security-related incidents.
  • Create and maintain a register of types of personal data and categories of Data Subject, whose personal data are processed by storm services.
  • Effectively implement appropriate security measures for all products, services and locations, ensuring that all risks are identified, risk assessed and then effectively managed or mitigated.
  • Submit critical IT environments, applications, computer installations, networks and system development activity to thorough and regular security audits and reviews.
Training and Awareness
  • Demonstrate strong leadership across all departments to advise on security measures and best practice. Motivate, coach, train and support colleagues and departments so that they understand security requirements and expectations.
  • Champion a culture of ensuring data, systems and premises are secure at all times.
  • Drive the emphasis on security into every process and across every level and department of the business.
  • Manage all colleagues working on Technology Security across the Group and support teams involved in security projects at every stage.
  • Ensure measures for Information and Technology Security are effectively resourced.
  • Integrate a fundamental awareness of security into every area of the business, from basic training through to lifecycle management of products and projects.
  • Maintain the group's brand as a provider of highly-reliable, secure services.
Certifications, Compliance and Investigation
  • Manage and maintain certifications, including ISO27001, PCI DSS, ISO 9001 and 14001.
  • Manage relationships with external bodies including ICO, law enforcement, security suppliers etc.
  • Lead investigations as required.
  • Provide input into the Risk, Audit and Compliance Committee to ensure Information Security is included in risk and compliance reports.
  • Design and implement systems/processes that meet legislative requirements.
  • Responsible for Business Continuity planning across the global businesses.
  • Act as the security escalation point within the business for all Technology Security operational issues.
  • Manage security incidents and events to protect corporate information technology (IT) assets, intellectual property, fixed assets, and Redwood's reputation.
Person Profile

Expected (E) or desirable (D) knowledge, education, experience and skills

Education & Qualifications:
  • Bachelor's Degree/equivalent in Computer Science or related subject, or substantial alternative experience (E)
  • Security-related certifications. MISR, CISSP, COBIT (D)

Experience:
  • Substantial experience of leading Information Security at an Executive level, typically of at least five years (E)
  • Operational experience of implementing IT or networking systems (E)
  • Experience of managing ISO or equivalent certifications (E)
  • Experience of managing projects through virtual teams across a business (E)
  • Experience of working in a business processing sensitive customer data (E)
  • Internal audit experience (D)
  • IT/telecoms experience, preferably SaaS (D)

Skills / Aptitude:
  • Great communicator, including verbal, written and presentation skills (E)
  • Excellent interpersonal skills, able to influence those not in direct line management (E)
  • Detail driven (E)
  • Numerate (E)
  • Organised and process driven (E)

With over 30 years of experience and strong partnerships across various sectors, including forces, government, technology, and banking, we are dedicated to delivering top-quality candidates who excel in your market.

Apex Elite


Job Detail

  • Job Id: JD2985909
  • Industry: Not mentioned
  • Total Positions: 1
  • Job Type: Full Time
  • Salary: Not mentioned
  • Employment Status: Permanent
  • Job Location: Berkshire, United Kingdom
  • Education: Not mentioned