Chief Information Security Officer


Job Description

Purpose 

The Chief Information Security Officer (CISO) is responsible for the long-term strategic management of our client’s information security technology and governance according to the Information Security Management System (ISMS) framework. The CISO is expected to define, develop, and maintain a business-aligned Information and Cyber Security strategy and operating model for the ongoing protection of computer networks and information.

You will be a strategic and lateral thinker with exceptional leadership credentials and a sophisticated approach to stakeholder and supplier management (ideally within the finance sector).

The role requires:

A good overall understanding of the business and the jurisdictions in which it operates; the applicable legal and regulatory obligations (in particular data protection requirements); a thorough understanding of the technology underpinning our client’s IT systems; and a broad, up-to-date knowledge of information security frameworks, vulnerability management, incident management and response, secure development techniques and approaches, Cyber Security engineering and operations, and the management and governance of Cyber risk and Cyber Security.

Key Responsibilities include:

  • Information Security Strategic leadership
  • Governance & standard development and monitoring
  • Security Incident Management
  • Cyber Risk management
  • Driving Information Security awareness

Main tasks and responsibilities

Security Incident Management

  • Ownership and management of the Information Security Incident Management Process. Manage incidents and their follow-up actions, agreeing the actions required and ensuring that they are carried out.
  • Manage the documentation of policies, procedures, security guidelines and runbooks to assist in the timely resolution of Security Incidents.
  • Assist with development of relevant BCP plans for IT and business from a security perspective.

Cyber Risk

  • Oversight, management, and reporting on all risks pertaining to information security, including all forms of cyber risk and all risks relating to the protection of personal data throughout the businesses in all locations.
  • Developing and monitoring Key Risk Indicators (KRI) and Key Performance Indicators (KPI), relating to the information security controls of the businesses.
  • Assist in the ongoing assessment of risk to the security of information, assets, and personnel.
  • Assist in management of cyber risk including risk reviews and mitigation planning. 

Governance / Standards

  • Assist with the initial certification and ongoing adoption of the NIST framework.
  • Develop and maintain information security documentation to agreed standards.
  • Facilitation of external information security audits, management reviews and internal information security audits.
  • Define and manage the monitoring of key measures of ISMS performance.

Information Security Strategic leadership

  • Drive and coordinate the management of security through the sharing of ideas between key security players, the monitoring of threats and the resulting identification of opportunities for improvement, and the ongoing monitoring of security activity (e.g., penetration testing actions) against targets. Drive and manage the development of information security so that approaches, techniques and tools continue to meet the business’s needs.
  • Ensure that the team becomes an active part of projects at an early stage to ensure that all projects take information security into account; and to carry out – or oversee – information security risk assessments and ensure that the results are acted upon.
  • Provide training, coaching and internal consultancy to the business at all levels in relation to the Information Security Management System, the NIST framework and a wide variety of IT controls and information security controls, and in respect of new and evolving IT standards, cyber risks, and information security issues.
  • Authorise the release of system changes into production environments according to agreed parameters and processes.
  • Provide information security guidance to the IT team as part of project and software development lifecycles.
  • Perform regular internal and external security audits and testing including penetration testing.

Information Security Awareness

  • Assist in the development and delivery of training, education, and initiatives to promote security awareness throughout the businesses.

Cyber Risk Management

  • Preparation, management, and reporting of the Information Security Risk Assessment in conjunction with the overall Business Operational Risk Assessment.
  • Reporting on Key Risk Indicators and Key Performance Indicators.
  • Provide IT and information security control risk input into projects from inception.

Customer Management

  • Commits to exceeding the expectations and needs of internal and external customers; possesses a “customer first” mindset.
  • Ensures that work is accurate and well presented, that customer care is given priority above all else, and that effort is made to exceed the minimum standard required in all areas.
  • Shows concern for detail, no matter how small.
  • Takes pride in doing a job well.

Key Performance Indicators

  • Ensure that the business process documentation created as part of the ISMS creation is maintained as and when processes change.
  • Security Incidents managed and closed out as required
  • Escalation of incidents within agreed timeframes
  • Adequate and robust testing of BCP plans
  • Ensure all new implementations are included in BCP plans/solution 
  • Risk assessments carried out to standard, to agreed schedule, and as required.
  • Ensure complete and accurate risk register in place and monitored
  • NIST alignment and accreditation
  • Documentation that meets standards and drives processes.
  • Audits progressed smoothly and with as little disruption to the business as possible.
  • All agreed security KPIs (including security controls) monitored and reported as required.
  • Sharing of security ideas actively promoted.
  • Audit actions (inc. penetration tests) managed and followed up in a timely fashion.
  • Applicable threats identified and actioned within agreed timescales.
  • Ongoing measurable improvements to approaches implemented to ensure information security is maintained long term.
  • Guidance in security risk assessments provided and carried out as required.
  • Corrective changes documented and agreed based on risk assessments and carried out to plan.
  • Change releases checked and authorised as required and in a timely manner.
  • Project Security Risk Assessments carried out as required.
  • Broad and effective staff security awareness delivered through various media and judged to be effective.
  • Contributing to the creation of a culture of risk awareness and the highest standards of corporate governance.
  • Preparation, management, and reporting of the Information Security Risk Assessment in conjunction with the overall Business Operational Risk Assessment.
  • Assess operational risks associated with day-to-day activities and implement risk mitigation controls as necessary.
  • Ensure operational risk events are reported on a timely basis and risk event actions are completed within agreed timelines.
  • Maintain effective relations with all key stakeholders across the company.
  • Quality and timeliness of communication updates to all relevant parties.
  • Appropriate service is delivered at all times, across all business lines and feedback is sought from key stakeholders to fully assess the service quality.
  • Is a role model in demonstrating the behaviours and culture across the organization.
  • Represents company strategy and commercial decisions in a proactive and positive manner.
  • Leads by example to motivate and assist with managing change across the organization.

Qualifications

  • At least 8 years’ experience in Information Security, and experience in people and IT management.
  • Experience in security tools, technology, and architecture.
  • Management experience that encompasses information systems or information security experience.
  • Relevant certification is preferred (ISO27001 or NIST lead auditor, CISSP, CISM, CRISC, CCRO), along with the following experience:
  • NIST implementation
  • Internal audit knowledge
  • Risk analysis – systems/projects/changes
  • Security technical knowledge / skills
  • Information Systems such as Active Directory, VMware, Firewalls, Network, Storage, QRadar/SIEM
  • IT hardware, software and process appreciation

Skills

  • Process mapping and data analysis skills.
  • Analytical skills – Interprets quantitative and qualitative information to achieve objectives and produces effective solutions to problems.
  • Ability to work within tight deadlines and deliver solutions within defined time periods.
  • Experience working in a complex operational environment.

Behaviours

  • Cooperative, flexible, adaptable, and persistent.
  • Diligence – Being careful about detail and thorough in completing work
  • Integrity – Being honest and ethical
  • Must be willing to travel occasionally between offices in all the team territories where required (infrequent)

Salary: £54,000 to £160,000 Per Year

Job Summary

Isle of Man
Ref ID: 4612
£54,000 to £160,000 Per Year