Information Security Manager - Up to £75,000 Plus Benefits - London
Montash is being retained by a growing Financial Services firm who are keen to bring on board an experienced Information Security Manager. You will be providing security leadership and hands-on work in the design, implementation, maintenance, monitoring, and troubleshooting of a broad range of controls.
· Security responsibilities include:
o Serve as subject matter expert and actively assist the UK teams in the development of secure business solutions for medium to highly complex problems.
o Monitor, analyse, and interpret security/system logs for events and incidents reflective of unauthorized access or operational irregularities.
o Work on multiple projects as the team member who leads the security design of the project.
o Lead, support, and coordinate information security incident response as required.
o Monitor security advisories and ensure security updates, patches, and preventive measures are in place throughout the relevant security control environments.
o Perform technical IT security risk assessments and lead remediation efforts.
o Analyse audit findings and make recommendations to lower security risks to acceptable levels.
o Work closely with the US security and compliance teams to ensure consistency and alignment with global security strategy.
o Support information security awareness efforts throughout the business.
· Lead a small team of analysts that cover the following scope of responsibilities for the business:
o Regulatory compliance of technology efforts especially concerning FCA, EU data protection requirements, and US Sarbanes-Oxley controls;
o Ensure that the security of the UK systems meets the demands of a financial services firm processing credit card transactions (focus on PCI and ISO 27001 frameworks);
o Audit and validate the accuracy of the loan management systems;
o Create the technology policies and procedures appropriate for the UK business and audit their implementation / adherence.
· Compliance responsibilities include:
o Prepare responses and participate in representing the business to external regulatory and industry bodies (e.g. FCA, PCI, SOX, and external auditors).
o Represent the UK Technology department in reporting and working with the global Enterprise Risk Management team.
o Report on the overall compliance and audit functions for the technology teams to the UK CTO, UK Head of Compliance, the UK CEO, and the global ERM function.
o Ensure that system changes comply with regulatory rules and company change management policies and procedures.
· Technology policies and audit responsibilities include:
o Author security policies, procedures, standards, and guidelines for computing infrastructure.
o Conduct regular reviews of policy and procedure effectiveness and gather evidence of compliance to those policies.
· System accuracy and audit responsibilities include:
o Manage the routine auditing of the accuracy of the UK lending systems for key areas (e.g. APR calculations, interest charges, debt management aging, regulatory communications to customers, …).
o Automate audit processes and tasks to achieve efficiencies and/or improved accuracy.
· General team responsibilities include:
o Manage multiple vendors that provide security and compliance services to the business.
o Participate as a member of the UK Technology leadership team to actively promote best-in-class security and compliance practices.
o Perform additional duties as assigned.
Essential Skills and Experience:
· Bachelor's degree in Computer Science or a similar field of study, or equivalent industry experience
· Technical IT experience working as an information security engineer or similar, including IP-based applications (DNS, SMTP, SSL, etc.)
· Strong background working with security technologies: firewalls, intrusion detection, AV, IDS, vulnerability scanning and remediation, security log and event management, network traffic analysis, privilege management, etc.
· Knowledge of regulatory compliance standards used in the financial industry (e.g. FCA, PCI, SOX)
· Strong understanding of core technology infrastructure components (e.g. LAN, WAN, and wireless communications and protocols, Linux and Windows operating systems, and relational databases)
· Prefer CISSP, GIAC, or CISM certification
· Must have excellent teamwork and communication skills
· Application and mobile security a plus
· Familiarity and understanding of end-to-end SDLC processes and Agile development frameworks (highly advantageous).