Our client is seeking a Head of Information Security Assurance with strong background in the risk management aspects of security, with an in depth understanding of any relevant regulations and legislation that affect the operations of the organisation.
The Head of Information Security Assurance will have expert knowledge of industry recognised security frameworks and regulations such as ISO 27001, ISF SOGP, DPA and PCI-DSS (including latest versions) which will aid in the communication of compliance and associated risk to key stakeholders.
You will be a mentor and a coach to the Security Assurance Managers and Analysts, and drive the InfoSec compliance strategy and ongoing delivery within the InfoSec Transformation programme across the Group, where a huge amount of investment is being placed on improving the security posture of the organisation.
In this role, you will work closely with the CISO and all areas of the information security assurance to report on the status of risk and compliance within the business.
You will be responsible for:
- Managing the Information Security Assurance team including prioritising workloads;
- Championing Information Security and Risk Management concepts and the objectives of the Security Management Office function to the assurance team and business units;
- Reviewing the effectiveness of technical and organisational controls on a regular basis and providing implementation oversight of recommended and approved improvements;
- Participating in Policy and Standard documentation updates and approvals;
- Acting as the signoff and escalation point for both security GRC and Security Assurance teams;
- Collecting data that is used for KPI reporting for the CISO; and
- Working closely with the CISO and all the areas of the information security assurance to report on the status of risk and compliance within the business.
- Excellent analytical skills and ability to solve complex problems;
- Excellent communication skills and the ability to clearly and concisely articulate information security risks at director and exec levels;
- Ability to influence security good practice behaviours within the organisation;
- Previous management experience in information security;
- Ability to manage 3rd party security vendors and be involved in the procurement process;
- Knowledge of ISF SOGP, PCI-DSS and Data Protection; and
- Expert in Security Governance and Security Assurance.
- Bachelor's or master's degree in computer science, information technology, information security or a related field;
- Previously worked within a large, multinational retail organisation;
- Understanding of SharePoint libraries and publication to intranets; and
- Previous experience in information security strategy.
At least two of the following certifications are required; further training may be given to the right candidate:
- ISO 27001:2013 Lead/Implementation Auditor
If you are interested and have the relevant experience, please email your CV to firstname.lastname@example.org
Contract: Full time – Permanent
Location: West London