Business Information Security Officer
City of London, London
£ 750 - 950/day
About The Role
Reporting to the Group CISO, the Business Information Security Officer is a key role in ensuring appropriate security posture.
You will join a growing information security team and take accountability for managing information security for local business units. The Company operates across 10+ offices and data centre locations globally and is actively expanding into new territories. This role can be based in our UK, Ireland, Belgium or Isle of Man offices.
Responsibilities
Manage security governance, risk and compliance of business units (and their branches) globally.
Participate in relevant Risk & Compliance Committees and service review forums.
Collaborate with business stakeholders by engaging with various business units, security teams, and other stakeholders to understand their requirements, identify areas for improvement, and gather relevant information to support security initiatives.
Conduct risk control self-assessments. Conduct comprehensive analysis of business needs, security policies, and regulatory requirements to develop a deep understanding of security objectives. Translate these objectives into actionable requirements and recommendations. Implement the requirements in local business units.
Develop and maintain relevant documentation (inc. policies, processes, standards, procedures). Maintain accurate and up-to-date records to ensure accuracy of reporting.
Work closely with the business, IT and security team to develop effective security solutions aligned with business objectives. Evaluate existing processes, systems, and technologies to identify potential gaps, risks, and opportunities for improvement.
Coordinate and participate in management of security projects, ensuring timely delivery, effective resource allocation, and adherence to project timelines and budgets. Collaborate with cross-functional teams to ensure smooth implementation of security initiatives.
Produce accurate reporting and status updates for key stakeholders including the Executive & Board Committees.
Communicate complex security concepts and requirements in a clear and concise manner to both technical and non-technical stakeholders.
Provide security consultancy to business initiatives. Support business programmes and projects.
Contribute to the security vision, strategy and tactical plans for Information Security in the company.
Present current security risks and threats at technical and managerial levels.
Participate in Information Security Incident Response activities.
Monitor compliance with the organization's information security policies and procedures among employees, contractors and third parties.
Liaise with key stakeholders to create and enforce policy including business departments, IT, Legal, Internal Audit, and Compliance.
Lead the effort to ensure security compliance in accordance with regulatory requirements.
Role Requirements
Minimum of 3 years' experience in a similar role (GRC), 5 years' experience in Information Security
Strong experience in defining and implementing security risk control management frameworks - i.e. CIS/SANS20, NIST CSF, ISO27001/27002, COBIT
Strong experience in system and network security
Strong experience dealing with Internal Audit and Risk Management functions
Experience in 2nd Line of Defence (Risk) - a plus
Experience in Security Operations - a plus
Ability to develop and implement strategies to ensure compliance with industry and data protection regulations (such as BMA, MAS, EU regulations, DORA, GDPR).
Knowledge and experience using security and Enterprise Risk Management tools.
Demonstrable experience working within a hybrid (on-site and cloud-based) environment
Ability to work independently and think proactively
Ability to deliver results through influencing others
Ability to effectively communicate with C-level executives and business managers
Good interpersonal, written and verbal communication and engagement skills with experience engaging own team, all levels of employees and external partners
Must have project management and organisational skills required to manage multiple priorities in a fast-paced environment.
Must have high attention to detail; be a self-starter and able to prioritize in a fast moving, high pressure, constantly changing environment; high sense of urgency
Be energetic, passionate with a positive attitude
Relevant security certifications (CISSP, CISM, GCIA, CRISC, CGEIT, CCISO, etc.)
GCS is acting as an Employment Business in relation to this vacancy.