The Opportunity
Nigel Wright is delighted to be supporting this international tech business on seeking a Head of Information Security who will lead on identifying and delivering change to improve the business's security posture. As part of the senior leadership team you will own and deliver the company's Information Security, Business Continuity and Crisis Management strategy, policies and programme to identify and reduce cyber risk across the business. The role will maintain and work within a number of legal, regulatory and compliance frameworks.
The role is both internally and externally focussed, ensuring the company's own security position is hardened, given the ever-changing threat landscape but also liaising with customers with any security issues.
The company has a hybrid working policy where you will be in the office 2-3 days per week.
The Role
You will be responsible for developing the company's Information Security roadmap, ensuring that change can be identified and executed. Specifically you will:
- Ensure the company's technology is safeguarded through proactive and reactive strategies to protect their product and brand
- Lead, create and implement security & business continuity strategy and roadmap aligned with wider business objectives
- Lead and develop a confident, competent and resilient information security team
- Lead the implementation and rollout of security tooling and frameworks.
- Implement and manage operational resilience across the business.
- Ensure business impact assessments are created and maintained across the business
- Identify, track, analyse and remediate cyber risk across the business
- Provide secure and compliance software applications across all areas of the business
- Identify, Manage and Partner with key business stakeholders in order to address the security requirements and threats to the business
- Lead on the implementation and upkeep on the Information Security Management System.
- Lead on the implementation and maintenance of relevant security legal, regulatory and compliance frameworks
- Represent senior stakeholder for all things security and business continuity for our clients
- Ensure the business has a practical and fit for purpose business continuity plan that is known and understood by the business
- Ensure appropriate monitoring controls are in place to identify, protect and detect threats.
- Ensure a comprehensive library is maintained of all assets with assigned ownership
- Partner with the People Team for continuous security learning and awareness requirements
- Protect the business from current and emerging threats
- Remain up to date in current industry intel and cyber security trends
The Person
With proven experience gained working in Information Security in a senior role, you will have experience of leading a team, and knowledge of the fundamental leadership
qualities required to excel in a leadership role. Possessing excellent communication skills, with the ability to influence at executive level, you will have:
- Experience defending web scale internet properties against distributed brute force attacks, DDOS and OWASP top 10 threats
- Excellent writing skills, able to author and review policy documentation
- A high level technical understanding of essential internet concepts (HTTP, SSL, TCP networks, OAuth)
- An understanding of cloud computing concepts and security at scale
- An understanding of Zero Trust and DevSecOps and the benefits they bring
Any appropriate security management qualifications such as CISSP or CISM will be beneficial though not essential. Applicants looking to make the step up into this role are welcomed along with seasoned professionals excited by delivering change.