Local Information Security Officer


Premium Job From Experis IT

Recruiter

Experis IT

Listed on

1st June 2017

Location

Milton Keynes

Salary/Rate

£450 - £495

Type

Contract


Local Information Security Officer (LISO)

Milton Keynes

6 Month Contract

£450 - £500 p/d

PRIMARY PURPOSE OF THE JOB

Accountable for implementing, developing and executing the overall governance of Information Security (IS) management within VWFS UK and to ensure that Information Security threats are managed and controlled in line with VWFS guidelines.

This role is pivotal in the development of Information Security management in the subsidiary and works in connection with the Chief Information Security Officer (CISO) in HQ to ensure continual improvements in local security processes and monitoring are implemented, as well as ensuring that governance is conducted with appropriate levels of rigour and oversight.

The primary purpose of the role is to ensure that the security risks which exist within the VWFS UK IT business are identified, managed, monitored and reported on.

MAIN RESPONSIBILITIES

* Accountable for direct line management of the Risk & Security Analyst and Security Architect

Information Security Strategy

* Develop and agree Information Security Strategy for VWFSUK, aligned to global business strategy and UK strategic goals.

* Define information security roadmaps, derived from strategy.

* Implement strategic management of information security, to ensure tactical and strategic needs are planned, resourced, managed and governed.

Information Security Management System

* Responsible for the effective governance of the Information Security Management System (ISMS) in VWFS UK including the implementation, operation, continual development and improvement of the ISMS, and alignment to VWFS AG and appropriate statutory and regulatory requirements.

* Governs the implementation of IS regulations within VWFS UK IT and informs the Local Information Risk Officer (LIRO) about any IS requirements that have not been implemented.

* Monitor IS measures and review the development of the ISMS, providing regular reporting to the Chief Information Security Officer (CISO).

* Making sure that the ISMS is fit for purpose and benchmarked against leading practices.

* Defining and executing risk remediation activities to minimise risk and protect our business.

* Managing security through the entire IT life cycle.

Information Security Operations

* Responsible for the planning and execution of security measures to mitigate security threats and agree cohesive delivery plans with IT and the wider business

* Responsible for the continuous improvement of security policies and procedures

* Responsible for advising on IS risks and compliance impact within IT operational activity

* Responsible for ensuring security incident management is in place

* Responsible for approving the IS measures and continuous identification of security gaps

* Responsible for ensuring consistent communication between VWFS UK and the wider organisation on Information Security policies, procedures and any other awareness activities

* Responsible for the delivery of Information Security training and learning to VWFS UK IT and the wider business to:

  * increase information security awareness of IT management and the wider workforce (internal and external) about information security and the policies and processes that must be followed

  * ensure understanding of the agreed IS measures set against security standards, to drive accountability for the documentation, including the creation of reports for the implementation of IS requirements and for the development of ISMS KPIs and dashboards

* Using the Protection Needs Analysis (PNA) to deliver the required outcomes as defined against the As-Is and To-Be.

Information Security Monitoring and Audit

* Ensure agreement with the Local IT Compliance Officer (LICO) on the planning and execution of information security audits to maximise compliance.

* Define penetration testing strategy and plan execution. Use testing results to agree and track remediation action.

* Provide oversight of information security related activities conducted across the IT function.

* Ensure independence of the auditors from the audited environment (separation of functions)

* Ensure the security measures are fit for purpose through ongoing monitoring

* Planning and commissioning of audits with respect to the compliance of security specifications

* Accountable for completing regular reviews of the VWFS UK working practices and applications, ensuring compliance with information security standards as per the IOHB and IS guidelines defined by VWFS AG

EDUCATION, TRAINING AND EXPERIENCE

Mandatory:

* Proven skills and experience in Information Security and Risk Management

* CISM Certification or equivalent

* Technical knowledge with Information Security Standards (ISO 27000, BSI, etc.)

* Deep knowledge and practical experience in Information Systems Security gained from working for in-house IT security and compliance department of a regulated financial services company

* Good understanding of FCA regulation and compliance

* People management and team management experience

* Experienced in negotiation with internal IT teams, Security, Risk and Compliance

* IT security management / Information / audit analysis experience

* Proven track record in engaging with internal and external stakeholders at all levels to influence positive outcomes

* Previous experience in Financial Services, Automotive Finance or retail consumer finance (B2C)

* Experience in identifying and creating new processes, services and procedures where none currently exist.

Desirable:

* Educated to degree level in computer science or a similar discipline, or equivalent experience.

* German Federal Banking Regulatory awareness (BAFIN)

* Experience of Agile delivery methods.

* Experience of Digital security management and topics.

* Knowledge or certification to Certified Information Systems Security Professional (CISSP)

* COBIT Certified
