Head Of Information Security in London

Head of Information Security

Permanent

Competitive salary + bonus

Onsite 3 days a week Sheffield or London

Purview are currently recruiting for a Head of Information Security to join a growing software development company within the education space.

The position requires an enterprise-minded and visionary leader with sound knowledge of business management and a working knowledge of cybersecurity technologies covering the corporate network as well as the broader digital ecosystem.

In addition, the Head of InfoSec will be viewed as a business leader and should have a track record of competency in the field of information security and/or risk management, with seven to 10 years of relevant enterprise grade experience, including five years in a significant leadership role.

A strong background in both governance and operations are vital for this role.

Key role responsibilities :

• Develop an information security vision and strategy that is aligned to organizational priorities and enables and facilitates the organization's business objectives

• Responsible for ensuring engagement from key stakeholders and helping them define the risk appetite of the firm.

• Facilitate ongoing management of security steering committee.

Advise management on how best to securely exploit technology to drive the business`s transformation aspirations.

• Oversee security awareness training program for all employees, contractors and approved system users, and establish metrics to measure the effectiveness of this security training program for the different audiences.

• Ensure effective measures are put in place to protect the businesses internal / customer data in line with current legislations.

• Developing and embedding mature processes that focus on Risk Management and incident response.

Carry out risk assessments and conducting frequent GDPR compliance audits.

• Work with stakeholders to develop Business Continuity and Disaster Recovery plans across the business.

• Advise Platform Engineering, Development, Product teams on SDLC security architecture and how to continually reduce the attack surface.

• Develop and maintain a document framework of continuously up-to-date information security policies, standards and guidelines.

Oversee the approval and publication of said documents.

• Create a framework for roles and responsibilities with regard to information ownership, classification, accountability and protection of information assets.

• Monitor advancements in educational technologies and threat horizons.

Education and experience requirements:

• Hold at least one of the following Security Management Certifications: CISM, CISSP, CSSLP, CISA, AWS Certified Security Specialty.

(CISSP preferred)

• Leading Information Security functions in Enterprise-scale / software development environments essential.

• Proven experience in benchmarking against ISO27001 and NIST frameworks.

• Strong understanding of technical architecture and security aspects of infrastructure, application, web and cloud technologies.

• Demonstrable security-related experience in public cloud platforms (mostly AWS).

In-depth knowledge of security services available in these platforms and how they can be applied to strengthen security posture in a SaaS business.

• Strong interpersonal skills - Senior stakeholder negotiation and influence / external vendor relationships.

Excellent written and verbal communication skills with the ability to communicate information security and risk-related concepts to technical and nontechnical audiences at various hierarchical levels, ranging from board members to technical specialists.

• Proven experience of Least Privileged / Zero Trust adoption, Data Leakage Protection strategies in enterprise businesses.

• Strong experience having developed and managed business continuity and disaster recovery plans for large-scale SaaS businesses.

• Excellent analytical skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives.

• Must be a collaborative security leader with strong business acumen, critical thinker and have effective problem-solving skills.

• In-depth knowledge and understanding of Data Protection legislation, especially the UK Data Protection Act 2018 (GDPR) and the Australian Privacy Act 1988 and how to effectively apply controls across the business.

• Deep understanding of data security across the business.

• Experience working with third-party managed service suppliers including outsourced SOC.

• Sound knowledge of business management and a working knowledge of information security risk management and cybersecurity technologies.

If you would like more information on this role please drop me an email with your CV to