Title: Business Information Security Officer

Reference No: 2143

Company: Financial Services

Location: Can be based in UK, Ireland, Belgium, Luxembourg or Isle of Man

Reports to Group CISO

Salary: £90,000 or similar

The Role

The Business Information Security Officer is a key role in ensuring appropriate security posture of the Group. You will join a growing information security team and take accountability for managing information security for local business units. The Group operates across 10+ offices and data centre locations globally and is actively expanding into new territories.

Responsibilities

• Manage security governance, risk and compliance of business units (and their branches) in Belgium, Luxembourg, Ireland, Isle of Man, Bermuda, the UK, Singapore, Italy and Spain.
• Participate in relevant Risk & Compliance Committees and service review forums.
• Collaborate with business stakeholders by engaging with various business units, security teams, and other stakeholders to understand their requirements, identify areas for improvement, and gather relevant information to support security initiatives.
• Conduct risk control self-assessments. Conduct comprehensive analysis of business needs, security policies, and regulatory requirements to develop a deep understanding of security objectives. Translate these objectives into actionable requirements and recommendations. Implement the requirements in local business units.
• Develop and maintain relevant documentation (inc. policies, processes, standards, procedures). Maintain accurate and up-to-date records to ensure accuracy of reporting.
• Work closely with the business, IT and security team to develop effective security solutions aligned with business objectives. Evaluate existing processes, systems, and technologies to identify potential gaps, risks, and opportunities for improvement.
• Coordinate and participate in management of security projects, ensuring timely delivery, effective resource allocation, and adherence to project timelines and budgets. Collaborate with cross-functional teams to ensure smooth implementation of security initiatives.
• Produce accurate reporting and status updates for key stakeholders including the Executive & Board Committees.
• Communicate complex security concepts and requirements in a clear and concise manner to both technical and non-technical stakeholders
• Provide security consultancy to business initiatives. Support business programmes and projects.
• Contribute to the security vision, strategy and tactical plans for Information Security in the company
• Present current security risks and threats at technical and managerial levels.
• Participate in Information Security Incident Response activities.
• Monitor compliance with the organization's information security policies and procedures among employees, contractors and third parties.
• Liaison with key stakeholders to create and enforce policy including business departments, IT, Legal, Internal Audit, and Compliance.
• Lead the effort to ensure security compliance in accordance with regulatory requirements.

Role Requirements

• Minimum of 3 years’ experience in similar role (GRC), 5 years’ experience in Information Security
• Strong experience in defining and implementing security risk control management frameworks - i.e. CIS/SANS20, NIST CSF, ISO27001/27002, COBIT
• Strong experience in system and network security
• Strong experience dealing with Internal Audit and Risk Management functions
• Experience in 2nd Line of Defence (Risk) - a plus
• Experience in Security Operations - a plus
• Ability to develop and implement strategies to ensure compliance with industry and data protection regulations (such as BMA, MAS, EU regulations, DORA, GDPR).
• Knowledge and experience using security and Enterprise Risk Management tools.
• Demonstratable experience working within hybrid (on-site and cloud based) environment
• Ability to work independently and think proactively
• Ability to deliver results through influencing others
• Ability to effectively communicate with C-level executives and business managers
• Good interpersonal, written and verbal communication and engagement skills with experience engaging own team, all levels of employees and external partners
• Must have project management and organisational skills required to manage multiple priorities in a fast-paced environment.
• Must have high attention to detail; be a self-starter and able to prioritize in a fast moving, high pressure, constantly changing environment; high sense of urgency
• Be energetic, passionate with a positive attitude
• Relevant security certifications (CISSP, CISM, GCIA, CRISC, CGEIT, CCISO, etc.)
• Excellent English language skills
• French language skills - a plus
• Dutch/Flemish language skills - a plus