Interim Head of Information Security

Job Title:  Interim Head of Information Security
TR Ref:  DB/TR13521
Location:  Hybrid remote/office working, commutable to Surrey/Sussex border
Start/Duration:  Starting asap, for an initial 6-month contract

This highly successful software and solutions company has doubled in size over the past 12-18 months, as a result of continued organic growth and several acquisitions, and now has 1,200 staff in 15 global offices.

Operating in a highly regulated sector InfoSec is very high on their agenda, hence this new appointment for an InfoSec specialist to work closely with the Group CIO, to implement the necessary security controls to ensure the integrity of all systems, data, network and endpoints. This role could suit an InfoSec Lead/Principal from a larger enterprise organisation or a CISO from a smaller/medium-sized organisation.

What you will be doing:

• Supporting the improvement of the Global ISMS and the implementation of the Group Information Security Strategy
• Take the lead on cyber security across the Group to ensure that information assets are adequately protected
• Create a plan of work and prioritised list of activities
• Assist with responses to customer security questionnaires
• Full management of security supplier services
• Process owner for all ongoing activities related to the availability, integrity and confidentiality of customer, company and employee data
• Identify, evaluate and report on information security risks
• Work with the business to implement practices that meet defined InfoSec policies and standards
• Liaising with counterparts in customers and suppliers and maintaining stakeholder relationships
• External and Internal Audit oversight
• Manage security incidents and events to protect corporate assets
• Facilitate information security risk assessment process, including reporting and oversight of remediation efforts to address negative findings
• Ensure management awareness of any security implications that would impact the business or customers

The skills you will need:

• Minimum of 5 years’ experience as an Information Security Officer with the ability to demonstrate security incident management and security risk assessment
• Relevant information security certifications (CISSP, CISM)
• Ability to communicate InfoSec concepts at a business level
• Knowledge of best practice security and control frameworks (ISO 27001 and ITIL)
• Broad knowledge of IT architecture and underpinning technologies (specifically Microsoft, Cisco, SonicWall and HP)
• Knowledge of technological trends and developments in the area of cyber threat mitigation, information security and risk management
• Responsible for planning own workload and working with autonomy, typically against a backdrop of changing priorities and/or external events
• Excellent attention to detail
• MS Office Skills (Excel, Word, PowerPoint, Project, Visio)
• Good communication skills (written and verbal)