Head of Information Security


Details:
  • Salary:
  • Job Type: Permanent
  • Job Status: Full-Time
  • Location: Nationwide
  • Date: 3 weeks ago
Description:

Head of Information Security

Permanent

Competitive salary + bonus

Onsite 3 days a week Sheffield or London

Purview are currently recruiting for a Head of Information Security to join a growing software development company in the education space. The position requires an enterprise-minded and visionary leader with sound knowledge of business management and a working knowledge of cybersecurity technologies covering the corporate network as well as the broader digital ecosystem. In addition, the Head of InfoSec will be viewed as a business leader and should have a track record of competency in the field of information security and/or risk management, with seven to 10 years of relevant enterprise-grade experience, including five years in a significant leadership role. A strong background in both governance and operations is vital for this role.

Key role responsibilities:

• Develop an information security vision and strategy that is aligned to organizational priorities and enables and facilitates the organization's business objectives

• Responsible for ensuring engagement from key stakeholders and helping them define the risk appetite of the firm.

• Facilitate ongoing management of the security steering committee. Advise management on how best to securely exploit technology to drive the business's transformation aspirations.

• Oversee security awareness training program for all employees, contractors and approved system users, and establish metrics to measure the effectiveness of this security training program for the different audiences.

• Ensure effective measures are put in place to protect the business's internal and customer data in line with current legislation.

• Develop and embed mature processes that focus on risk management and incident response. Carry out risk assessments and conduct frequent GDPR compliance audits.

• Work with stakeholders to develop Business Continuity and Disaster Recovery plans across the business.

• Advise Platform Engineering, Development and Product teams on SDLC security architecture and how to continually reduce the attack surface.

• Develop and maintain a document framework of continuously up-to-date information security policies, standards and guidelines. Oversee the approval and publication of said documents.

• Create a framework for roles and responsibilities with regard to information ownership, classification, accountability and protection of information assets.

• Monitor advancements in educational technologies and threat horizons.

Education and experience requirements:

• Hold at least one of the following Security Management Certifications: CISM, CISSP, CSSLP, CISA, AWS Certified Security Specialty. (CISSP preferred)

• Experience leading Information Security functions in enterprise-scale / software development environments is essential.

• Proven experience in benchmarking against ISO27001 and NIST frameworks.

• Strong understanding of technical architecture and security aspects of infrastructure, application, web and cloud technologies.

• Demonstrable security-related experience in public cloud platforms (mostly AWS). In-depth knowledge of security services available in these platforms and how they can be applied to strengthen security posture in a SaaS business.

• Strong interpersonal skills - Senior stakeholder negotiation and influence / external vendor relationships. Excellent written and verbal communication skills with the ability to communicate information security and risk-related concepts to technical and nontechnical audiences at various hierarchical levels, ranging from board members to technical specialists.

• Proven experience of Least Privilege / Zero Trust adoption and Data Leakage Protection strategies in enterprise businesses.

• Strong experience having developed and managed business continuity and disaster recovery plans for large-scale SaaS businesses.

• Excellent analytical skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives.

• Must be a collaborative security leader and critical thinker with strong business acumen and effective problem-solving skills.

• In-depth knowledge and understanding of Data Protection legislation, especially the UK Data Protection Act 2018 (GDPR) and the Australian Privacy Act 1988, and how to effectively apply controls across the business.

• Deep understanding of data security across the business.

• Experience working with third-party managed service suppliers including outsourced SOC.

• Sound knowledge of business management and a working knowledge of information security risk management and cybersecurity technologies
