Information Security Manager

Job Title: Information Security Manager
Contract Type: Permanent
Location: London, London
Industry:
Salary: £65000 - £75000 per annum + benefits
Start Date: ASAP
REF: GRCSM
Contact Name: Bonnie Chuong
Contact Email: bonniec@montash.com
Job Published: about 1 year ago

Job Description

Information Security Manager - Up to £75,000 Plus Benefits - London

Montash is being retained by a growing Financial Services firm who are keen to bring on board an experienced Information Security Manager. You will be providing security leadership and hands-on work in the design, implementation, maintenance, monitoring, and troubleshooting of a broad range of controls.

· Security responsibilities include:
o Serve as subject matter expert and actively assist the UK teams in the development of secure business solutions for medium to highly complex problems.
o Monitor, analyse, and interpret security/system logs for events and incidents reflective of unauthorized access or operational irregularities.
o Work on multiple projects as the team member who leads the security design of the project.
o Lead, support, and coordinate information security incident response as required.
o Monitor security advisories and ensure security updates, patches, and preventive measures are in place throughout the relevant security control environments.
o Perform technical IT security risk assessments and lead remediation efforts.
o Analyse audit findings and make recommendations to lower security risks to acceptable levels.
o Work closely with the US security and compliance teams to ensure consistency and alignment with global security strategy.
o Support information security awareness efforts throughout the business.


· Lead a small team of analysts that cover the following scope of responsibilities for the business:
o Regulatory compliance of technology efforts especially concerning FCA, EU data protection requirements, and US Sarbanes-Oxley controls;
o Ensure that the security of the UK systems meets the demands of a financial services firm processing credit card transactions (focus on PCI and ISO 27001 frameworks);
o Audit and validate the accuracy of the loan management systems;
o Create the technology policies and procedures appropriate for the UK business and audit their implementation / adherence.

· Compliance responsibilities include:
o Prepare responses and participate in representing the business to external regulatory and industry bodies (e.g. FCA, PCI, SOX, and external auditors).
o Represent the UK Technology department in reporting and working with the global Enterprise Risk Management team.
o Report on the overall compliance and audit functions for the technology teams to the UK CTO, UK Head of Compliance, the UK CEO, and the global ERM function.
o Ensure that system changes comply with regulatory rules and company change management policies and procedures.


· Technology policies and audit responsibilities include:
o Author security policies, procedures, standards, and guidelines for computing infrastructure.
o Conduct regular reviews of policy and procedure effectiveness and gather evidence of compliance to those policies.


· System accuracy and audit responsibilities include:
o Manage the routine auditing of the accuracy of the UK lending systems for key areas (e.g. APR calculations, interest charges, debt management aging, regulatory communications to customers, …).
o Automate audit processes and tasks to achieve efficiencies and/or improved accuracy.


· General team responsibilities include:
o Manage multiple vendors that provide security and compliance services to the business.
o Participate as a member of the UK Technology leadership team to actively promote best-in-class security and compliance practices.
o Perform additional duties as assigned.

Essential Skills and Experience:

· Bachelor's degree in Computer Science or a similar field of study, or equivalent industry experience
· Technical IT experience working as an information security engineer or similar, including IP based applications (DNS, SMTP, SSL, etc.)
· Strong background working with security technologies: firewalls, intrusion detection, AV, IDS, vulnerability scanning and remediation, security log and event management, network traffic analysis, privilege management, etc.
· Knowledge of regulatory compliance standards used in the financial industry (e.g., FCA, PCI, SOX)
· Strong understanding of core technology infrastructure components (e.g., LAN, WAN, and wireless communications and protocols, Linux and Windows operating systems, and relational databases)
· Prefer CISSP, GIAC, or CISM certification
· Must have excellent teamwork and communication skills
· Application and mobile security a plus
· Familiarity with and understanding of end-to-end SDLC processes and Agile development frameworks (highly advantageous).
