I am currently working with and representing a financial services leader who are looking for a Head of IT Integration Security to join their team in either Chatham or Wolverhampton on a permanent basis.
For the Group IT Integration Programme, you will oversee all concurrent InfoSec work-stream operations. As a Subject Matter Expert, you will use your experience in managing InfoSec transformation programmes, as well as designing and executing enterprise-class security solutions in large-scale IT settings. During the design, integration, and testing phases of the various work-stream deliverables, you will apply your experience and abilities to handle fluctuating priorities. You will make sure the IT Integration's security solutions and overall security architecture are in line with the Group InfoSec strategy, architecture principles, and security services catalogue.
*Develop, deploy, and test enterprise-class security solutions to counter current and upcoming threats while maintaining operational resiliency and alignment with recognised frameworks, regulatory standards, and business and technology strategy.
*Ensure that all IT Integration security services are fully operational through documented designs, operational procedures, and knowledge transfer (training, vendor relationships, residual risks).
*In an ever-changing IT environment, you will advise and develop security architectural best practises.
*Act as the main point of contact for major IT Integration issues that need to be resolved or discussed with your line manager.
*Work with key stakeholders to define, manage, and deliver the security components of a multi-workstream IT integration project.
*As the Subject Matter Expert, you will provide advanced specialised support and advisory services in all areas of IT Security, including aligning standards, frameworks, and security with overall business and technology strategies.
*Ensure that security and IT solutions are integrated into the existing InfoSec framework (e.g., SOC, logging, Endpoint monitoring).
*Balance demand for InfoSec support against available resources and operational operations to guarantee successful outcomes.
*Using centrally controlled monitoring and response services, define cloud security architectures and internal system designs with appropriate controls and monitoring capabilities.
*Assist the CISO of the group by facilitating the creation of Information Security Reporting and Metrics for new platforms and capabilities in the IT integration programme.
*Define scope, manage daily debriefings, deliverables, and established corrective action plans for Ethical Hacking engagements through specialist third parties.
*Define and meet operational readiness approval success criteria at critical stages of the IT Integration Programme.
*Ensure that IT teams are appropriately managing Vulnerability Management analysis and prioritisation of IT Integration environments.
*At the Architecture and Change Management Committees, review, challenge, and contribute to technical designs and debates to ensure that security is built into new solutions.
*Make sure you understand and follow the organization's Risk Management Policies as they pertain to your area of responsibility and show that you put customers first in all you do daily.
*Ensure that you completely comprehend and comply with the organization's Data Governance Policies as they relate to your area of responsibility.
*Manage 3rd party and vendor risks, service levels, and service metrics as the initial Relationship Owner (RO) for new security products and solutions.
*Uphold the company's compliance requirements and ensure that all obligatory on-line training modules and attestations are completed on time.
*10 years of experience working in a dedicated Information Security (InfoSec) role is essential
*10 years of experience working in financial services is desirable
*10 years of experience in delivering cyber security and technology risk reduction programmes or projects is essential
*5 years of experience documenting and reviewing security and IT designs to identify security risks and gaps is essential
*3 years of experience security threat /vulnerability management and remediation is essential
*3 years of experience implementing and managing security infrastructure such as firewalls, intrusion prevention systems (IPSs), DLP, web application firewalls (WAFs), endpoint protection, SIEM and log management technology is essential.
*3 years of experience with Cloud-based services and securing cloud architectures is essential
*1 year of experience implementing application security quality gates and tooling for development teams and the SDLC process is essential
*1 year of experience in delivering security technology integration/separation requirements resulting from an organisational merger & acquisition is desirable
*Specialist knowledge of threats, vulnerabilities and countermeasures is essential
*Detailed knowledge of security incident response is essential
*Detailed knowledge of Identity and Access Management (IAM) practices and principles as they apply to large corporate environments
*Basic knowledge of the UK Data Protection Act/GDPR is essential
*Detailed knowledge of PCIDSS is essential
*Detailed knowledge of Cloud computing and Cloud security is essential
*Detailed knowledge of Network Security is essential
*Good level of knowledge of technical risk reviews and assessments, concerning IT and cyber risks is desirable
*Good knowledge of Application Security is essential
*Good knowledge of IT Change Management and Service Delivery (ITIL) is desired
*Basic knowledge of TOGAF is desired
*Active CISSP, CISM, CISA, CEH, SANS certifications or equivalents.