Information Security Manager

Job Title: Information Security Manager
Contract Type: Permanent
Location: London, London
Salary: £65000 - £75000 per annum + benefits
Start Date: ASAP
Contact Name: Bonnie Chuong
Contact Email:
Job Published: 3 months ago

Job Description

Information Security Manager - Up to £75,000 Plus Benefits - London

Montash is being retained by a growing Financial Services firm who are keen to bring on board an experienced Information Security Manager. You will be providing security leadership and hands-on work in the design, implementation, maintenance, monitoring, and troubleshooting of a broad range of controls.

· Security responsibilities include:
o Serve as subject matter expert and actively assist the UK teams in the development of secure business solutions for medium to highly complex problems.
o Monitor, analyse, and interpret security/system logs for events and incidents reflective of unauthorized access or operational irregularities.
o Work on multiple projects as the team member who leads the security design of the project.
o Lead, support, and coordinate information security incident response as required.
o Monitor security advisories and ensure security updates, patches, and preventive measures are in place throughout the relevant security control environments.
o Perform technical IT security risk assessments and lead remediation efforts.
o Analyse audit findings and make recommendations to lower security risks to acceptable levels.
o Work closely with the US security and compliance teams to ensure consistency and alignment with global security strategy.
o Support information security awareness efforts throughout the business.

· Lead a small team of analysts that cover the following scope of responsibilities for the business:
o Regulatory compliance of technology efforts, especially concerning FCA, EU data protection requirements, and US Sarbanes-Oxley controls;
o Ensure that the security of the UK systems meets the demands of a financial services firm processing credit card transactions (focus on PCI and ISO 27001 frameworks);
o Audit and validate the accuracy of the loan management systems;
o Create the technology policies and procedures appropriate for the UK business and audit their implementation / adherence.

· Compliance responsibilities include:
o Prepare responses and participate in representing the business to external regulatory and industry bodies (e.g. FCA, PCI, SOX, and external auditors).
o Represent the UK Technology department in reporting and working with the global Enterprise Risk Management team.
o Report on the overall compliance and audit functions for the technology teams to the UK CTO, UK Head of Compliance, the UK CEO, and the global ERM function.
o Ensure that system changes comply with regulatory rules and company change management policies and procedures.

· Technology policies and audit responsibilities include:
o Author security policies, procedures, standards, and guidelines for computing infrastructure.
o Conduct regular reviews of policy and procedure effectiveness and gather evidence of compliance to those policies.

· System accuracy and audit responsibilities include:
o Manage the routine auditing of the accuracy of the UK lending systems for key areas (e.g. APR calculations, interest charges, debt management aging, regulatory communications to customers …).
o Automate audit processes and tasks to achieve efficiencies and/or improved accuracy.

· General team responsibilities include:
o Manage multiple vendors that provide security and compliance services to the business.
o Participate as a member of the UK Technology leadership team to actively promote best-in-class security and compliance practices.
o Perform additional duties as assigned.

Essential Skills and Experience:

· Bachelor's degree in Computer Science or similar field of study, or equivalent industry experience
· Technical IT experience working as an information security engineer or similar, including IP-based applications (DNS, SMTP, SSL, etc.)
· Strong background working with security technologies: firewalls, intrusion detection, AV, IDS, vulnerability scanning and remediation, security log and event management, network traffic analysis, privilege management, etc.
· Knowledge of regulatory compliance standards used in the financial industry (e.g., FCA, PCI, SOX)
· Strong understanding of core technology infrastructure components (e.g., LAN, WAN, and wireless communications and protocols, Linux and Windows operating systems, and relational databases)
· Prefer CISSP, GIAC, or CISM certification
· Must have excellent teamwork and communication skills
· Application and mobile security a plus
· Familiarity with and understanding of end-to-end SDLC processes and Agile development frameworks (highly advantageous).
