Cyber Security Manager

Location: Petaling Jaya
Job ID: IRP3


Job description:

The role will require in-depth understanding of information security, technology architecture and business security. Successful candidates will be expected to demonstrate relevant experience working in a dynamic environment dealing with complex challenges, and communicating to all levels of the business.


 Work closely with the senior IT Services stakeholders to ensure that appropriate security guidance is provided to support project delivery;

 Manage security incidents and events to protect corporate IT assets, including intellectual property, regulated data and the company's reputation.

 Develop, implement and monitor a strategic, comprehensive enterprise information security and IT risk management program to ensure the integrity, confidentiality and availability of information owned, controlled or processed by the organization.

 Provide risk-based direction in conjunction with IT Services for future system enhancements in line with the overall firm's and clients' strategy;

 Monitor the external threat environment for emerging threats, and advise relevant stakeholders on the appropriate courses of action.

 Develop and oversee effective disaster recovery policies and standards to align with enterprise business continuity management program goals. Coordinate the development of implementation plans and procedures to ensure that business-critical services are recovered in the event of a security event. Provide direction, support and in-house consulting in these areas.

 Provide subject matter expertise to support business relationship management functions.

 Act as Data Protection Officer, ensuring systems and the information within them comply with current and future (as much as is known) requirements.

 Ensure Privasia has an effective Data Classification process in place.

 Ensure Privasia has an effective data retention and archiving process in place.

 Take ownership and ensure Governance, Policy and Procedures in relation to Management of Information Security meet agreed standards within Privasia.


Technology Risk Assurance

 Have responsibility for scoping penetration testing activities to identify security weaknesses within Privasia's technology environments;

 Develop a culture of in-depth understanding as to why security testing is required at both business and internal team level;

 Analysis of information protection technologies and processes to identify technology security weaknesses;

 Develop risk assessments of data processing systems to confirm the design of logical controls is effective and meets regulatory and legal requirements;

 Provide quality reports to summarise test activities, including objectives, planning, methodology, results, analysis and recommendations to both technical and non-technical audiences.

 Provide oversight and guidance during security incidents and investigations, ensure root cause analysis is undertaken and input suggested approaches to deal with lessons identified;

 Assist in the enhancement of delivery and management of key technology security platforms including SIEM, PAM, TVM and DLP;

 Provide continuous improvement to the Technology Security function;

 Collaborate with IT Services to develop and maintain secure technology solutions; and

 Actively contribute to the overall Privasia risk management framework reporting to the Head of Risk & Compliance ensuring consistency in the advice we provide to the business.



 ISACA Certified Information Security Manager;

 Broad knowledge of a wide range of Information Technology systems and a deep understanding of the inherent security risks associated with these technologies;

 Able to establish the information security strategy for the organization and lead the implementation of the strategy.

 Understanding of information security principles and best practice (e.g., ISO27001, NIST and ISF Standards of Good Practice for Information Security);

 Strong technical abilities, combined with business acumen;

 Ability to present security topics and the business value of security to a non-technical audience;

 A good understanding of IT networking and access management concepts;

 Ability to understand and assess technology systems and applications from both a technical and business function perspective;

 Ability to communicate business and technical risk to all levels of audience;

 Excellent interpersonal skills with the ability to build and influence teams; and self-motivated.

