Chief Information Security Officer (Hybrid)

The CISO will define and maintain the global Cyber and Data security strategy and deliver a programme of work to mature and drive capability within the security function to a posture appropriate for the scale of the organisation within this regulated sector. In addition to owning the delivery of Cyber services, the CISO will also be responsible for driving a security-by-design culture throughout IT and the wider organisation, with appropriate levels of training to meet regulatory requirements and to ensure we continually evolve and adapt to reflect the current threat landscape. This will also include appropriate Board and Executive training.

Operating within the NIST framework for Cyber Security (as a minimum) the role will be responsible for all Identification, Protection, Detection, Response and Recovery activity.

The delivery of security services is managed through a third-party ‘Managed Security Partner’ (MSSP). This role will be responsible for that relationship and for defining the balance of MSSP vs in-house activity.

Responsibilities:

  • Strategic Planning: Set the security strategy in conjunction with the CIO and Business Heads/Directors. Define the roadmap to deliver key initiatives. Work with the Enterprise Architects to ensure that security is built into everything we do by design.
  • Policy: Set policies in line with business and Regulatory requirements.
  • Security operations: Real-time analysis and triage of immediate threats. Ensure the SOC is operating appropriately and effectively for Canopius. Define appropriate measures and SLAs with the MSSP. Ensure reporting at the various required levels is timely and appropriate.
  • Cyber risk and intelligence: Keep abreast of developing security threats, and help the Board and wider Senior Leadership team understand potential security problems, including those that might arise from acquisitions or other material business transactions.
  • Data loss and fraud prevention: Make sure external and internal threats to misuse or egress data are detected, managed and contained.
  • Security architecture: Plan and deliver security hardware and software, and make sure IT and network infrastructure is designed with best security practices in mind.
  • Identity and access management: Ensure that only authorised people have access to restricted data and systems. Work with the other department Heads to establish the appropriate levels of access and control mechanisms.
  • Programme management: Keep ahead of security needs by implementing programmes or projects that mitigate risks.
  • Investigations and forensics: Lead and coordinate investigation efforts, determine what went wrong in a breach, deal with those responsible if they are internal, and plan to avoid repeats of the same crisis.
  • Governance: Make sure all of the above initiatives run smoothly and in line with agreed budgetary requirements. Engage directly with leadership to ensure they understand the drivers behind initiatives and their role in delivering adherence.
  • Culture: Drive a culture of Cyber Security awareness and engagement, and continue to evolve employee education programmes and materials to raise awareness for all employees up to and including Board level.

Skills and Experience:

  • Proven experience in a senior role within Information Security within a large organisation, preferably in the Financial Services sector (or other heavily regulated sector)
  • Subject matter expert with insight in information security and risk management, operational resilience and identity and access management
  • Demonstrable experience contributing to or running security education programmes across IT teams and across wider business groups
  • Demonstrable ability to balance and prioritise security requirements with business objectives and financial constraints
  • Confident in ensuring that risk is fully understood by the Board and Executives, and that accepted risks are well documented, communicated and managed
  • Experience maintaining regulated industry standards – exposure to the NIST framework and operating with the PRA would be preferred. Knowledge of current IT security standards and regulations such as ISO27001, SOX and NIST
  • Knowledge of relevant legislation and regulations within the UK, US and Asia Insurance and FS markets
  • Experience working with outsourced service providers, ensuring value and efficient service
  • Strong security foundation knowledge and practices in identity and access management, authentication, authorization, crypto, protocol security, perimeter security, OS hardening, threat intel, vulnerability assessment and penetration testing
  • Experience with application security including threat modelling, API security, security architecture design and review
  • Good understanding of new and emerging IT technologies and architectures in a corporate environment and proven ability to develop programs that meet regulatory and compliance standards
  • Strong communication and presentation skills

Personal Qualities:

  • A strong collaborator; excellent relationship building and communication skills with the ability to engage people from diverse cultures and different levels
  • Able to work on own initiative whilst ensuring key stakeholders are on board and understand the journey
  • Able to adapt and respond to changing corporate objectives as opportunities open up
  • Ability to articulate IT security and technical issues in a clear and concise manner to non-tech leadership teams and senior executives
  • Experience of working in a global organisation, balancing global and local requirements
  • Comfortable with, and proven experience in, facilitating cultural and process change across whole organisations to ensure that IT Security procedures are lived day to day by all employees in the business

Company Information

Contact Us

Candid8
36 Regent Place
Rugby
Warwickshire
CV21 2PN
hello@candid8.co.uk