Information Security Risk Manager


Premium Job From Via Resource

Recruiter: Via Resource

Listed on: 31st August 2017

Location: EC3M 8

Salary/Rate: plus Bonus and Benefits

Salary Notes: plus Bonus and Benefits

Type: Permanent

Start Date: Immediate

This job has now expired. Please search on the home page to find live IT Jobs.

Job Purpose

Our client, an exciting Financial Services organisation, is looking for an IT Security and Risk Manager to be responsible for ensuring that all elements of Information Security Risk are managed, supported and maintained across the business, providing assurance that the risk profile is fully understood across the business.

The IT Security and Risk Manager will also be responsible for managing and developing the Information Security Risk Team to support the business in its operation and growth whilst reducing Information Security Risk to an appropriate level.

Key Responsibilities for the IT Security and Risk Manager

- To take ownership of the overall risk function across the business working alongside the board to create and implement strategy as well as develop and manage the team

- To administer the overall risk management process for the business, including risk assessment and evaluation in line with the business’s 'risk appetite', and risk reporting in an appropriate way for different audiences.

- Help the business implement policies and controls aligned to ISO27001

- To manage business continuity plans.

- To represent IT Security across all elements of the business, at Production and Pre Production levels, ensuring that IT Security and compliance is considered and applied at all relevant points.

- To manage the business’s risk register to ensure that all IT Security risks are remediated where possible, reduced to an acceptable level or recorded, understood and signed off at the appropriate level.

- To ensure that IT Security Risks are communicated to the business as appropriate.

- To ensure all pre-emptive security work, such as server hardening, is undertaken.

- To ensure the business’s PCI DSS and other applicable compliance standards are maintained.

- To work with Internal and External audit to assure IT Security.

- To assure the business-wide patching policy and implementation of patch plans, to be worked through in accordance with set PCI compliance standards and timelines. To ensure all patches are risk assessed and deployed within 30 days of release.

- To maintain the business’s security systems and security principles to a defined secure PCI DSS compliant standard, with high availability. Management of infrastructure security controlling access to a range of network services including IPsec VPN, backup, test networks, environmental controls, network monitoring and segregation of departmental traffic.

- Responsible for ensuring procedures are implemented and undertaken to ensure all group and company Audit measures are achieved.

- To work with the IT Security Architecture and IT Security Operations teams to ensure a consistent and unified approach to improving the business’s Security Posture is followed. Direct management and prioritisation of the Security team workbook, ensuring alerts or issues are investigated and processed, and incidents and breaches are managed to SLA, minimising impacts to the business or Service Level Agreements (SLAs). Compilation and dissemination of Problem reports following cessation of the associated incident.

- Ensure that all Audit and Data Protection requirements are met and adhered to by the Business and Security department, as well as assist in working towards an improved compliance against PCI DSS.

- Carry out vendor Security Assessments as required.

- Act as a Subject Matter Expert on Information Security Risk for the Business.

Desired Skills & Experience of the IT Security & Risk Manager

- CISSP/CISM or working towards CISSP/CISM qualification, PCI experience desired

- Extensive experience of implementing Risk frameworks across business

- 10+ years’ experience working in a Senior Position/Management role
