To support the Chief Information Security Officer in managing and reporting the Information Security Risks faced by Technology Services (TS) in delivering AJ Bell's systems and services. This role is responsible for facilitating the secure delivery of AJ Bell's technology and business change. The Information Security Architect will play a lead role in designing and implementing security controls and processes. Key to this is assisting and supporting our colleagues in achieving their goals, but in a secure manner.

The key responsibilities of the role are:
Subject matter expertise for security best practice, ensuring the maintenance of the confidentiality, integrity and availability of AJ Bell's systems and data.
Design and implementation of enterprise security technology controls and platforms, following industry best practices.
Supporting and advising on projects and change initiatives to ensure that there is no negative impact on our security posture
Carrying out internal security reviews both on solutions we develop in house and third-party solutions.
Supporting audit and due diligence activities within Technology Services
Working with Information Security, Infrastructure and Architecture to define security standards.
Acts as an integration point between the CISO and AJ Bell business and technology teams to ensure security is embedded across the organisation

Technical Skills:
Demonstrable experience of implementing enterprise security platforms
Previous experience of delivering and maintaining technical enterprise security solutions for (but not limited to) the following areas: End Point Protection, Cloud Security, Network Security, DevOps, Security Monitoring & Remediation is advantageous.
Knowledge of Secure Software Development Life Cycle best practices
Strong understanding and knowledge of Information Security risk management tools and techniques
Experience of security governance and compliance, ideally gained in financial services organisations
Demonstrable understanding of Information Security control standards and frameworks e.g. ISO27001, NIST, PCI DSS
Awareness and understanding of the Information Security threat landscape
Deep understanding of Information Security solutions and controls
Experience of Cloud security solutions and standards is highly advantageous

Competence, knowledge, and skills

Competence
Experience working within recognised Information Security frameworks and best practices such as ISO27001, NIST etc.
5 years' experience in an Information Security role gained in a financial services or e-commerce environment is preferred

Knowledge & Skills
Excellent communicator, able to translate complex topics to all areas of the business
Significant experience in the area of Information Security
Strong knowledge of core IT and networking concepts
Well versed in IT security capabilities, framework and concepts
Strong ownership of tasks, attention to detail and following through to conclusion
Ability to challenge approach, strategy and implementation to ensure Information Security is consistently considered and improved
Ability to work under own initiative to plan and communicate effectively with colleagues and customers
Structured, self-starting, flexible and enjoy working in fast-paced environments
Effective communication skills, both written and verbal
Ability to plan, organise and follow through on assigned tasks and complete with little or no prompting from management
Excellent attention to detail
Attained CISSP or similar certification

About us:
AJ Bell is one of the fastest-growing investment platform businesses in the UK offering an award-winning range of solutions that caters for everyone, from professional financial advisers to DIY investors with little to no experience. We have over 593,000 customers using our award-winning platform propositions to manage assets totalling more than £90.4 billion. Our customers trust us with their investments, and by continuously striving to make investing easier, we aim to help even more people take control of their financial futures. Having listed on the Main Market of the London Stock Exchange in December 2018, AJ Bell is now a FTSE 250 company. Headquartered in Manchester with offices in central London and Bristol, we now have over 1,500 employees and have been named one of the UK's 'Best 100 Companies to Work For' for six consecutive years and in 2025 named a Great Place to Work. At AJ Bell you can expect a friendly working environment with a strong sense of teamwork. We have a great sense of pride in what we do, and this is reflected in our guiding principles.

Our perks and benefits:
Starting holiday entitlement of 26 days, increasing up to 31 days with length of service and a holiday buy and sell scheme
A choice of pension schemes with matched contributions up to 6%
Discretionary bonus scheme
Annual free share awards scheme
Buy As You Earn (BAYE) Scheme
Health Cash Plan - provided by SimplyHealth
Discounted private healthcare scheme and dental plan
Free on-site gym providing a wide range of free classes
Employee Assistance Programme
Sick pay+ pledge
Enhanced maternity, paternity, and shared parental leave
Discounted nursery fees at Kids Planet on Exchange Quay
Loans for travel season tickets
Charitable giving opportunities through salary sacrifice
Calendar of social events, including monthly payday drinks, annual Christmas party, summer party and much more
Parking at Exchange Quay (Subject to availability)
Personal development programmes built around you and your career goals, including access to personal skills workshops
Ongoing technical training
Peer recognition scheme, with rewards including restaurant and shopping vouchers or time off
Monthly leadership breakfasts and lunches
Casual dress code
Access to a range of benefits from our sponsorship deals

At AJ Bell, our people are the heart of our culture. We believe in building strong connections by working together. That's why we offer a hybrid working model, where you'll spend a minimum of 50% of the month in the office. For new team members, the first 3 months will be spent full-time in the office to help you immerse yourself in our business and build valuable relationships with your colleagues.

AJ Bell is committed to providing an environment of mutual respect where equal employment opportunities are available to all applicants and all employees are empowered to bring their whole self to work. We do not discriminate on the basis of race, sex, gender identity, sexual orientation, age, pregnancy, religion, physical and mental disability, marital status and any other characteristics protected by the Equality Act 2010. All decisions to hire are based on qualifications, merit and business need.

If you like the sound of the above, or just want to know more about the company and the role, we'd love to speak to you.
Jul 04, 2025
Full time
Who we are
We're the people behind global loyalty currency, Avios, and home to two ambitious, growing businesses across Loyalty and Holidays. Each business has its own goals, strategy and team, but collectively we share a purpose to create the world's most rewarding experiences for our customers through loyalty programmes, new products and holidays. Get the full IAG Loyalty lowdown, here. We're on a truly exciting journey of growth and transformation - we're going places! It means we have a fantastic story to tell our people and the rest of the world. This is where you come in.

The opportunity
We have a brand new opportunity for an experienced Chief Information Security Officer (CISO) to lead the information and cyber security strategy across IAG Loyalty companies, which include Loyalty (the Avios currency) and British Airways Holidays. Reporting to the Chief Technology, Data & AI Officer you'll establish a unified security vision and governance framework, while tailoring risk-based solutions to the unique needs of each company. You'll be the principal advisor to the executive team and board on cybersecurity matters affecting our businesses, but you'll also play a key role across the wider IAG group of companies to develop and implement an aligned federated security governance model. Your leadership role goes beyond security; you'll also be a key stakeholder and peer within our broader Senior Leadership Community, helping to drive business growth and manage change. To be successful in this role you'll need to be a leader who can operate at both strategic and operational levels across diverse business environments.

What you'll get up to
Standardise information security policies, frameworks, and controls across all entities, while allowing flexibility for business specific regulations.
Oversee Cyber security regulatory compliance initiatives (e.g. NIST, ISO 27001, SOC2 compliance).
Lead the design and operation of shared security services between IAG Loyalty and IAG airlines (e.g., threat detection, incident response, intel management, data sharing) at the group level.
Establish clear escalation protocols and cross-company incident response procedures.
Align security initiatives with individual business unit goals while maintaining IAG Loyalty wide consistency and efficiency.
Present risk reports, maturity assessments, and board-level dashboards to group leadership.
Drive adoption of advanced security technologies, automation, and intelligence-sharing across the group.
Evaluate and manage third-party security risks, including vendors and strategic partners.
Prepare our security landscape for an AI driven future

What we need from you
You'll have considerable progressive security experience, including a number of years in a senior leadership role of cyber functions in scale-up or high-growth environments, where you've had to be hands-on, commercial, and adaptable
You have a proven track record of establishing and scaling company-wide security programs
You'll have a strong understanding of risk management, compliance frameworks, cloud security, and modern enterprise architecture in an agile working practices environment.
You'll have recognised security certifications: CISSP, CISM, CISA, CRISC, or similar.
You'll possess a strategic growth mindset balanced with a security first approach

We might not be right for you if:
You only want to focus on your to-do list; we're a small, high-performing team, we help each other to succeed.
You value perfection over fast iteration and progress; IAG Loyalty moves fast, we learn and iterate as we go; our environment isn't right for everyone.
You're looking to create but not build; this is an end-to-end role, you need to be comfortable owning your space, from ideation through to delivery and review.

Equity, Diversity and Inclusion at IAG Loyalty
Our vision, 'to create the world's most rewarding experiences,' applies not only to our customers but for our colleagues too. It's about taking belonging seriously, actively fostering a culture where everyone feels welcomed and valued by embracing diverse identities, personal histories, and perspectives. This commitment makes IAG Loyalty a rewarding place to work and enhances our ability to solve complex problems, drive innovation, and better serve our customers and communities. Please let us know if we can make any reasonable adjustments to support your interview process with us.
Jul 03, 2025
Full time
AJ Bell Business Solutions Limited
Salford, Manchester
To support the Chief Information Security Officer in managing and reporting the Information Security Risks faced by Technology Services (TS) in delivering AJ Bell s systems and services. This role is responsible for facilitating the secure delivery of AJ Bell s technology and business change. The Information Security Architect will play a lead role in designing and implementing security controls and processes. Key to this is assisting and supporting our colleagues in achieving their goals, but in a secure manner. The key responsibilities of the role are: Subject matter expertise for security best practice, ensuring the maintenance of the confidentiality, integrity and availability of AJ Bell s systems and data. Design and implementation of enterprise security technology controls and platforms, following industry best practices. Supporting and advising on projects and change initiatives to ensure that there is no negative impact on our security posture Carrying out internal security reviews both on solutions we develop in house and third-party solutions. Supporting audit and due diligence activities within Technology Services Working with Information Security, Infrastructure and Architecture to define security standards. Acts as an integration point between the CISO and AJ Bell business and technology teams to ensure security is embedded across the organisation Competence, knowledge, and skills Competence Experience working within recognised Information Security frameworks and best practices such as ISO27001, NIST etc. 
5 years' experience in an Information Security role gained in a financial services or e-commerce environment is preferred Knowledge & Technical Skills: Demonstrable experience of implementing enterprise security platforms Previous experience of delivering and maintaining technical enterprise security solutions for (but not limited to) the following areas: End Point Protection, Cloud Security, Network Security, DevOps, Security Monitoring & Remediation is advantageous. Knowledge of Secure Software Development Life Cycle best practices Strong understanding and knowledge of Information Security risk management tools and techniques Experience of security governance and compliance, ideally gained in financial services organisations Demonstrable understanding of Information Security control standards and frameworks e.g. ISO27001, NIST, PCI DSS Awareness and understanding of the Information Security threat landscape Deep understanding of Information Security solutions and controls Experience of Cloud security solutions and standards is highly advantageous Attained CISSP or similar certification About us: AJ Bell is one of the fastest-growing investment platform businesses in the UK offering an award-winning range of solutions that caters for everyone, from professional financial advisers to DIY investors with little to no experience. We have over 593,000 customers using our award-winning platform propositions to manage assets totalling more than £90.4 billion. Our customers trust us with their investments, and by continuously striving to make investing easier, we aim to help even more people take control of their financial futures. Having listed on the Main Market of the London Stock Exchange in December 2018, AJ Bell is now a FTSE 250 company.
Headquartered in Manchester with offices in central London and Bristol, we now have over 1,500 employees and have been named one of the UK's 'Best 100 Companies to Work For' for six consecutive years and in 2025 named a Great Place to Work. At AJ Bell you can expect a friendly working environment with a strong sense of teamwork, we have a great sense of pride in what we do, and this is reflected in our guiding principles. Our perks and benefits: Starting holiday entitlement of 26 days, increasing up to 31 days with length of service and a holiday buy and sell scheme A choice of pension schemes with matched contributions up to 6% Discretionary bonus scheme Annual free share awards scheme & Buy As You Earn (BAYE) Scheme Health Cash Plan provided by SimplyHealth & Discounted private healthcare scheme and dental plan Free on-site gym providing a wide range of free classes Bike loan scheme, Loans for travel season tickets & Parking at Exchange Quay (Subject to availability) Enhanced maternity, paternity, and shared parental leave & Discounted nursery fees at Kids Planet on Exchange Quay Death in service scheme Calendar of social events, including monthly payday drinks, annual Christmas party, summer party and much more Ongoing technical training, Professional qualification support & Talent development programmes Hybrid working: At AJ Bell, our people are the heart of our culture. We believe in building strong connections by working together. That's why we offer a hybrid working model, where you'll spend a minimum of 50% of the month in the office. For new team members, the first 3 months will be spent full-time in the office to help you immerse yourself in our business and build valuable relationships with your colleagues. AJ Bell is committed to providing an environment of mutual respect where equal employment opportunities are available to all applicants and all employees are empowered to bring their whole self to work.
We do not discriminate on the basis of race, sex, gender identity, sexual orientation, age, pregnancy, religion, physical and mental disability, marital status and any other characteristics protected by the Equality Act 2010. All decisions to hire are based on qualifications, merit and business need. If you like the sound of the above, or just want to know more about the company and the role, we'd love to speak to you
Jun 27, 2025
Full time
Job Title: Information Governance Manager Band: 7 Contract Type: Fixed Term - 6 Months Start Date: As soon as possible Location: Croydon Working Hours: 37.5 hours per week Work Pattern: Hybrid - 3 days on-site, 2 days remote About the Role We are seeking an experienced and proactive Information Governance (IG) Manager to join our team at Croydon Healthcare Services. This is a pivotal role, reporting directly to the Chief Information Security Officer (CISO), and leading on key areas of the Trust's Information Governance portfolio. You will be the Trust's subject matter expert on IG, providing strategic and operational leadership, and ensuring compliance with relevant legislation and best practices. This includes managing requests under the Freedom of Information Act 2000, Environmental Information Regulations 2004, and advising on the Data Protection Act 2018. Key Responsibilities Act as the Trust's lead for Information Governance, offering expert advice and guidance across the organisation. Manage and respond to Freedom of Information (FOI) and Environmental Information Regulation (EIR) requests. Provide specialist support on data protection matters, including compliance with the Data Protection Act 2018. Serve as the primary point of contact for IG-related queries and complaints, ensuring timely and compliant responses. Oversee the day-to-day operations of the IG function, including direct line management of the Information Governance Officer. Ensure all IG requests are handled in line with statutory requirements, internal policies, and risk considerations. Deputise for the CISO when required, contributing to the strategic development and implementation of IG policies and procedures. Essential Requirements Recent experience working within the NHS. In-depth knowledge and hands-on experience with the NHS Data Security and Protection Toolkit. Strong understanding of Data Protection, Freedom of Information, and related legislation. 
Proven ability to lead and manage IG functions in a complex healthcare environment. Excellent communication and stakeholder engagement skills. This is an exciting opportunity to make a meaningful impact on data governance and patient confidentiality within a dynamic NHS Trust. If you're passionate about information governance and ready to take on a leadership role, we'd love to hear from you. Search is an equal opportunities recruiter and we welcome applications from all suitably skilled or qualified applicants, regardless of their race, sex, disability, religion/beliefs, sexual orientation or age
Jun 19, 2025
Contractor
Security Engineer (Senior) is required by a Financial Brokerage based in the heart of the city of London, by Bank station paying up to 75k + Bonus + Bens - Hybrid role, 3 days min to be office based This Senior IT Security Engineer role offers a unique chance to shape and enhance the security landscape of a forward-thinking organisation. Working closely with the Chief Information Security Officer (CISO) and a dedicated team of 3, this position allows you to make a tangible impact on security strategy and implementation. Why This Role Stands Out: - Influence and Ownership: Take charge of critical aspects of cybersecurity, from network monitoring to cloud security design, and make strategic decisions that drive the company's security posture forward. - Professional Growth: Engage with cutting-edge technologies and methodologies, including AI, machine learning, and advanced analytics, ensuring you stay at the forefront of the cybersecurity field. - Collaborative Environment: Work alongside a team of skilled professionals and security partners, fostering a culture of continuous improvement and shared expertise. - Comprehensive Benefits: Enjoy a competitive salary, professional development opportunities, and a supportive work environment that values work-life balance. Key Responsibilities: - Maintain and monitor network and devices, ensuring robust security patching and vulnerability management. - Develop and implement information security policies, including business continuity and disaster recovery plans. - Provide hands-on expertise in cloud-based technologies (Azure, AWS) with a focus on security, performance, and scalability. - Design and conduct security testing and training for employees. - Perform risk assessments and analyse current security solutions, recommending enhancements. - Support the adoption of new security technologies and best practices. - Stay abreast of the latest cybersecurity threats, trends, and technologies. 
Qualifications: - Bachelor's degree in Technology, Cyber Security, IT, or a related field. - Over 4 years of experience in a cybersecurity engineering role. - Technical certifications such as CISSP, CISM, CEH preferred; AWS/Azure certifications highly desirable. - In-depth knowledge of network systems, security products, and solutions (e.g., SentinelOne, Crowdstrike, M365). - Proficiency in risk assessment tools and techniques. - Experience with firewalls, VPN solutions, and IDS. - Familiarity with cybersecurity frameworks and standards (NIST CSF, ISO 27001, PCI DSS, Mitre ATT&CK). - Strong problem-solving skills and the ability to work under pressure. - Effective communication and documentation skills. - Ability to manage multiple tasks in a fast-paced environment and work both independently and as part of a team. This role is more than just a job; it's a platform to make a significant impact in the cybersecurity domain. If you have the expertise and drive to excel in this dynamic field, consider this your next big career move.
Mar 08, 2025
Full time
We are currently recruiting for a Regional Information Security Officer, reporting to the Global Chief Information Security Officer (CISO), to oversee the information security function across the countries and Tunstall entities in their scope. This is an incredibly exciting time to join Tunstall as we embark on an exciting period of transformation. You will be joining a recently created and growing global Information Security team within Tunstall and will be in a leadership position playing a key part in the success of this transformation. This role would be based at our Manchester office working on a hybrid basis. We are flexible on number of days in the office. What will you be doing in this role? As our Regional Security Officer, you will be responsible for implementing, running and overseeing the information security function across the countries and Tunstall entities in your scope, ensuring consistent and strong information security management in support of our business goals and in line with the global Information Security strategy and direction. You will be the main point of contact for security matters in your region and analyse the effectiveness of the security controls of the countries and Tunstall entities in scope, proposing plans for improvement in line with the global strategy. Enforcing the global cyber risk framework, aligning and influencing business and technology areas to prioritise and mitigate key cyber risks and maintaining the risk registry, in alignment with key stakeholders, is vital to the success of this role. The Ideal candidate: To be successful in this role you will have substantial experience in IT and Technology, with considerable experience in a leadership role in cybersecurity, within complex multinational organisations. You will have a deep understanding of the cybersecurity market, trends, risk frameworks and security standards and regulations.
The successful candidate will be proactive, with excellent verbal and written communication skills, able to coach and motivate a high performing team, with the ability to manage complexity and make decisions with limited information. What we offer: Hybrid Working, Competitive salary + potential bonus, Car allowance, 25 days holiday + public holidays (pro rata) Holiday purchase scheme, Contributory pension, Paid volunteer day to support a cause you are passionate about, Enhanced maternity, paternity, adoption and shared parental pay entitlements, Private health insurance, Dedicated 24/7 employee benefits platform Verlingue that include things like: free eye tests, retail discounts, EAP WeCare service - including a 24/7 online GP and mental health counselling service, Boost your learning and growth through access to a Talent Library with over 800 courses, covering subjects from business skills to project management essentials, A warm and welcoming team environment, Development and a chance to build a rewarding career. Some of your key tasks will be Main point of contact for security matters for the region, Build a highly engaged and trained team with the required capabilities and competencies to achieve the stated mission. 
Gain a strong understanding of the business and its operations, and underlying IT, Analyse the effectiveness of the security controls (technical, processes, people) in the countries and businesses in scope, Propose plans towards improvement, in line with the global cybersecurity strategy, Support group-wide initiatives to roll-out new controls or improve existing ones, Enforce the global cyber risk framework to the countries and businesses in scope, aligning and influencing the business and technology areas to prioritise and mitigate key cyber risks, Maintain the risk registry, in alignment with the required stakeholders, Ensure that security is embedded in every regional project delivery process by providing the appropriate information security policies, practices, guidelines and necessary oversight, Proactively work with business units and global functions in InfoSec to support internal and external audits and ensure their success, Support other InfoSec teams and local IT teams during incident management and incident response activities, Liaise with Data Protection Officers for the implementation of data protection processes and controls, and during any data privacy issue, Contribute to obtaining the KPIs and metric values so InfoSec can report on our security posture periodically and consistently, Report in senior-level forums our risk posture and KPIs and metrics, Contribute to create a culture of security by communicating and raising awareness about security risks, Keep a constant innovative, challenging and constructive attitude towards continuous improvement. 
Key skills and experience: Substantial experience in IT and Technology, with considerable experience in a leadership role in cybersecurity within complex multinational organisations, Previous experience managing cyber incidents in a complex multinational organisation, Proven ability to coach, lead, and motivate a high performing team, Deep understanding of the cybersecurity market, trends, risk frameworks and security standards and regulations, Excellent written and verbal communication skills, able to communicate and influence stakeholders effectively within a multicultural ecosystem, Ability to manage complexity and make decisions with limited information or under uncertainty, Bachelor's degree in computer science, Computer Engineering, Mathematics or similar or have equivalent experience, You must be able to communicate effectively in English (i.e. CEFR C1). Desirable skills and experience: Spanish or Swedish language skills If you are not sure if you have the relevant skills or experience, then please apply (only takes a few minutes) and let our team review and come back to you. A bit about us: Tunstall is a market-leading health and care technology provider. We're passionate about ensuring our team reflects the brilliant and unique qualities of the people and communities we support. Our incredible team of more than 3,000 colleagues provides life saving and life changing technology and services to millions of people in 18 different countries. At Tunstall you'll find a place where you're valued and celebrated for being yourself. We empower our people to deliver the very best teamwork, innovation and thought leadership by creating an environment where we champion diversity and inclusion. We demonstrate our commitment to diversity and inclusion at each step. From our open, fair, and transparent recruitment processes, through to the many development and career growth opportunities we provide. Each Tunstall colleague has a superpower: they're unique.
No one else is them, and we think that's special. Come and join our mission and be part of our team, our One Tunstall team.
Mar 08, 2025
Full time
We are currently recruiting for a Regional Information Security Officer , reporting to the Global Chief Information Security Officer (CISO), to oversee the information security function across the countries and Tunstall entities in their scope. This is an incredibly exciting time to join Tunstall as we embark on an exciting period of transformation. You will be joining a recently created and growing global Information Security team within Tunstall and will be in a leadership position playing a key part in the success of this transformation. This role would be based at our Manchester office working on a hybrid basis. We are flexible on number of days in the office. What will you be doing in this role? As our Regional Security Officer, you will be responsible for implementing, running and overseeing the information security function across the countries and Tunstall entities in your scope, ensuring consistent and strong information security management in support of our business goals and in line with the global Information Security strategy and direction. You will be the main point of contact for security matters in your region and analyse the effectiveness of the security controls of the countries and Tunstall entities in scope, proposing plans for improvement in line with the global strategy. Enforcing the global cyber risk framework, aligning and influencing business and technology areas to prioritise and mitigate key cyber risks and maintaining the risk registry, in alignment with key stakeholders, is vital to the success of this role. The Ideal candidate: To be successful in this role you will have substantial experience in IT and Technology, with considerable experience in a leadership role in cybersecurity, within complex multinational organisations. You will have a deep understanding of the cybersecurity market, trends, risk frameworks and security standards and regulations. 
The successful candidate will be proactive, with excellent verbal and written communication skills, able to coach and motivate a high performing team, with the ability to manage complexity and make decisions with limited information. What we offer: Hybrid Working, Competitive salary + potential bonus, Car allowance, 25 days holiday + public holidays (pro rata) Holiday purchase scheme, Contributory pension, Paid volunteer day to support a cause you are passionate about, Enhanced maternity, paternity, adoption and shared parental pay entitlements, Private health insurance, Dedicated 24/7 employee benefits platform Verlingue that include things like: free eye tests, retail discounts, EAP WeCare service - including a 24/7 online GP and mental health counselling service, Boost your learning and growth through access to a Talent Library with over 800 courses, covering subjects from business skills to project management essentials, A warm and welcoming team environment, Development and a chance to build a rewarding career. Some of your key tasks will be Main point of contact for security matters for the region, Build a highly engaged and trained team with the required capabilities and competencies to achieve the stated mission. 
Gain a strong understanding of the business and its operations, and underlying IT, Analyse the effectiveness of the security controls (technical, processes, people) in the countries and businesses in scope, Propose plans towards improvement, in line with the global cybersecurity strategy, Support group-wide initiatives to roll-out new controls or improve existing ones, Enforce the global cyber risk framework to the countries and businesses in scope, aligning and influencing the business and technology areas to prioritise and mitigate key cyber risks, Maintain the risk registry, in alignment with the required stakeholders, Ensure that security is embedded in every regional project delivery process by providing the appropriate information security policies, practices, guidelines and necessary oversight, Proactively work with business units and global functions in InfoSec to support internal and external audits and ensure their success, Support other InfoSec teams and local IT teams during incident management and incident response activities, Liaise with Data Protection Officers for the implementation of data protection processes and controls, and during any data privacy issue, Contribute to obtaining the KPIs and metric values so InfoSec can report on our security posture periodically and consistently, Report in senior-level forums our risk posture and KPIs and metrics, Contribute to create a culture of security by communicating and raising awareness about security risks, Keep a constant innovative, challenging and constructive attitude towards continuous improvement. 
Key skills and experience: Substantial experience in IT and Technology, with considerable experience in a leadership role in cybersecurity within complex multinational organisations, Previous experience managing cyber incidents in a complex multinational organisation, Proven ability to coach, lead, and motivate a high performing team, Deep understanding of the cybersecurity market, trends, risk frameworks and security standards and regulations, Excellent written and verbal communication skills, able to communicate and influence stakeholders effectively within a multicultural ecosystem, Ability to manage complexity and make decisions with limited information or under uncertainty, Bachelor's degree in Computer Science, Computer Engineering, Mathematics or similar or have equivalent experience, You must be able to communicate effectively in English (i.e. CEFR C1). Desirable skills and experience: Spanish or Swedish language skills. If you are not sure if you have the relevant skills or experience, then please apply (only takes a few minutes) and let our team review and come back to you. A bit about us: Tunstall is a market-leading health and care technology provider. We're passionate about ensuring our team reflects the brilliant and unique qualities of the people and communities we support. Our incredible team of more than 3,000 colleagues provides life saving and life changing technology and services to millions of people in 18 different countries. At Tunstall you'll find a place where you're valued and celebrated for being yourself. We empower our people to deliver the very best teamwork, innovation and thought leadership by creating an environment where we champion diversity and inclusion. We demonstrate our commitment to diversity and inclusion at each step. From our open, fair, and transparent recruitment processes, through to the many development and career growth opportunities we provide. Each Tunstall colleague has a superpower - they're unique. 
No one else is them, and we think that's special. Come and join our mission and be part of our team, our One Tunstall team.
About the role Are you ready to step into a CISO position? Tesco Mobile is seeking a dedicated Security professional to join as their Chief Information Security Officer (CISO) who will have a significant role in crafting the future of our cyber security landscape. This is an outstanding opportunity to lead a world-class cyber security strategy within a dynamic and evolving business environment. By joining Tesco Mobile, you will be at the forefront of ensuring flawless security measures that protect our customers and business operations. You will report to Tesco Mobile's General Counsel and be part of our Cyber Security Chapter. You will collaborate with experts from Legal, Regulatory, Compliance, and Risk Management within our Business Integrity Centre of Excellence. You will be responsible for Key responsibilities: Be the face of security. Cultivate positive relationships, promote security, and discover opportunities for security to make valuable contributions within the business. Understand the security posture of the business and its processes in order to effectively engage them in the security improvement recommendations and cyber risk management. Be responsible for leading the cyber security strategy within the business and present risk-based security position and recommendations to management and executive teams. Drive the information security improvement plans which includes incorporating Tesco Group security requirements. Ensure adequate registration, analysis, resolution and reporting of privacy and information security incidents. Craft and coordinate information security assessments, pen testing, reviews and audits. Provide technical oversight of all security tooling and infrastructure services in use; Make recommendations on configuration and implementation improvements. Own third party vendor management for security services. Monitor and respond to emerging threat patterns, vulnerabilities and anomalies. 
Responsible for collaborating with the Tesco Group Security Operations team to help ensure the entire Tesco Group are protected against emerging threats. Ensure sufficient security assurance between collaborators (i.e. Tesco, Tesco Mobile, and Virgin Media O2) regarding cyber security for Virgin Media O2. You will need Extensive knowledge and experience in Cyber/Information Security to effectively collaborate with and support various collaborators. Strong working knowledge of security management principles and practices, including vulnerability management, event management, application security, Identity management, incident response. Excellent collaborator and ability to inspire change. Demonstrated ability to engage with a diverse set of collaborators and foster a security culture. Detail-oriented individual with a strong analytical background. Ideally previously hands on role in one of these domains, networks, sysadmin, software developer, security analyst. Security qualifications such as CISM, CISSP, CISA or equivalent. What's in it for you We're all about the little helps. That's why we make sure our Tesco colleague benefits package takes care of you - both in and out of work. Annual bonus scheme of up to 45% of base salary. Car Cash Allowance. Holiday starting at 25 days plus a personal day (plus Bank holidays). Private medical insurance. Retirement savings plan - save between 6% - 10% and Tesco will contribute 1.5 times this amount. 26 weeks maternity and adoption leave (after 1 year's service) at full pay, followed by 13 weeks of Statutory Maternity Pay or Statutory Adoption Pay; we also offer 6 weeks fully paid paternity leave. About us Our vision at Tesco is to become every customer's favourite way to shop, whether they are at home or out on the move. Our core purpose is 'Serving our customers, communities and planet a little better every day'. Serving means more than a transactional relationship with our customers. 
It means acting as a responsible and sustainable business for all stakeholders, for the communities we are part of and for the planet. Diversity, equity and inclusion (DE&I) at Tesco means that whoever you are and whatever your background, we always want you to feel represented and that you can be yourself at work. In short, we're a place where Everyone's Welcome. We're proud to have been accredited Disability Confident Leader and we're committed to providing a fully inclusive and accessible recruitment process. For further information on the accessibility support we can offer, please click here. We're a big business and we can offer a range of diverse full-time & part-time working patterns across our many business areas, which means that we can find something that works for you. We work in a more blended pattern - combining office and remote working. Our offices will continue to be where we connect, collaborate and innovate.
Feb 20, 2025
Full time
Chief Information Security Officer (CISO) Date: 12 Feb 2025 Location: Oxford, GB Job Function: Business Business Unit: OI plc At Oxford Instruments, we enable the world's leading industrial companies and scientific research communities to image, analyse and manipulate materials down to the atomic and molecular level. With a sixty-year history, and fourteen Queen's Awards for Enterprise, our world-class products and technologies are helping our customers to address the greatest challenges of the 21st century. Are you an experienced and dynamic leader in the field of Information Security? We are looking for a CISO to join Oxford Instruments and provide strategic guidance and leadership in Information Security and IT Governance. As a global business, we need someone who can drive our Information Security strategy, policies, and operational security response. You'll also have the opportunity to implement security projects and ensure compliance with regulatory frameworks. In this role, you will build strong relationships with our users, gaining a deep understanding of their business needs and associated information security requirements. You will use this knowledge to ensure that our security solutions are tailored to meet those needs effectively. We need someone who can bridge the gap between strategy and execution, delivering tangible security outcomes. 
Key Responsibilities: Assess and manage cyber security risks to maintain agreed levels of protection Develop and execute a strategic security roadmap to proactively manage information security risks Collaborate with and evaluate 3rd party security suppliers to ensure a secure environment Lead internal and external security audits, providing timely and accurate information Establish and maintain a set of Information Security and IT policies, standards, and guidelines to ensure compliance Drive user awareness of security and foster secure behaviours through engaging security awareness campaigns Lead Cyber or Information Security incident response and effectively communicate with senior leaders during crises Clearly communicate IT and information security requirements to diverse audiences Prepare and rehearse security response playbooks for effective incident management To be successful in this role, you should have: Experience in setting and delivering an Information Security Strategy Proven ability to work with 3rd party security vendors to enhance protection and value Strong compliance background with external governance frameworks and standards such as NIS2, Cyber Essentials+, ISO 27001, or NIST 800-171 Ability to work in a federated environment, collaborating across timezones and driving security tasks A balance between thought leadership and hands-on execution Consideration for user needs while ensuring security requirements are met Practical experience in meeting GDPR and other data privacy laws Experience within a manufacturing environment If you have a relevant Cyber security qualification and a solid understanding of Risk and Information Systems Control, we want to hear from you. Experience supporting global and multi-cultural organisations and delivering ISO27001 certification programmes in complex environments is a plus. 
Familiarity with technologies such as Microsoft 365, Azure Hybrid environments, MFA solutions, and Zero Trust Network Architectures will also be beneficial. Join our team and make a real impact on our global security. Apply now and take the next step in your Information Security career with Oxford Instruments.
Feb 15, 2025
Full time
Ideas People Trust We're BDO. An accountancy and business advisory firm, providing the advice and solutions entrepreneurial organisations need to navigate today's changing world. We work with the companies that are Britain's economic engine - ambitious, entrepreneurially-spirited and high growth businesses that fuel the economy - and directly advise the owners and management teams leading them. Role Purpose The Business Information Risk Officer (BIRO) (Manager grade) role is responsible for leading the Chief Information Security Office (CISO) service to BDO's business streams to effectively manage information security risk. This role will play a key part in ensuring the effectiveness of BDO's information security risk management framework, procedures, and information security control framework. The BIRO role is the focal point for effective engagement between business streams and the CISO team. This role will be a trusted adviser to business stakeholders and provide broad knowledge of the firm's security strategies, policies, standards, processes, and road maps to enable streams to understand and meet information security requirements. Leading a team of Business Information Risk Analysts and working with nominated information security risk leads in the business, the BIRO will take responsibility for assessing information security risk with the business and ensure that those risks are being managed by the risk owners. Where decisions are made to accept, reduce, share or avoid, the BIRO will ensure appropriate visibility and governance committees are informed. The BIRO will also oversee the prioritisation of activities to support business requests and the delivery of other resources supporting risk assessments, always ensuring a consistent and high-quality service is being delivered to each business area. This role reports to the Cyber Security Manager. 
Principal Accountabilities Lead CISO's risk management service to the relevant streams, including responsibility for the performance management of the service and a team of Business Information Risk Analysts. Utilising BDO's information security risk management tools, procedures and control framework ensure an accurate risk posture is understood and defined for each business stream. Support the CISO team in maintaining 'information security risk communities' in the business to drive risk awareness and effective risk management. Support the business streams to identify, and maintain registers of information assets including infrastructure, systems, software, devices and data. Build and maintain effective relationships with the risk partners, risk owners, risk managers and other stream stakeholders. Develop collateral and appropriate materials to support engagement with business stakeholders, to explain CISO's role, key information security concepts and build awareness of information security risk and BDO's control framework. Identify information security responsibilities and controls ownership of third parties, streams, CISO and IT security teams. Proactively identify and support risk owners and managers to manage and regularly review IS risks and issues for streams. Support the business to assess criticality of assets and services. Lead information security aspects of business change and maturity improvements. Third party due diligence assessments. Gap analysis with BDO standards and policies. Identifying security capability, maturity and responsibilities within streams. Risk identification leading to clear business ownership and treatment actions. Vulnerability and technical security assessments. Technical point of contact for business and 3rd parties service providers to ensure clarity on meeting expectations or alternate approaches for managing risks. Preparation of papers and supporting business attendees for committee attendance. 
Reporting maturity, risk posture and trends to stream quality and risk partners. Client due diligence and bid support. Targeted security awareness, education, and risk briefings. Contribution to development and implementation of security policies and standards, and the design of security services and processes. Ensure that BDO policy and contractual obligations, and in turn compliance, is understood for each business stream. Identify and communicate metrics and reporting requirements to stakeholders that demonstrate security controls are effective and support creation of corrective action plans to manage improvement or change where necessary. Creation and maintenance of a "security toolkit" with templates of key processes and controls, communicated in language that is relevant and understandable to all audiences. In support of security initiatives be able to demonstrate and track progress to all stakeholders. Support on security incidents by bringing together business and technical knowledge to aid impact analysis and response. People and performance management of Business Information Risk Analysts. Technical Competencies Knowledge and experience of information security risk management frameworks and procedures. Experience of formal risk identification, assessment, and quantification methods. Knowledge of stakeholder engagement and management to achieve defined outcomes. Experience of service, performance, and people management to achieve defined outcomes. Highly self-motivated with keen attention to detail. The ability to build good relationships at all levels and influence stakeholders. Excellent verbal, written and interpersonal communication skills. Ability to work with others effectively, with 3rd parties, internal teams, promoting knowledge sharing within and across teams. Experience of managing and directing teams setting clear and achievable objectives aligned to the expected outcomes for the role. 
A good understanding of security frameworks including ISO27001/2, Cyber Essentials Plus, CIS Top 20, Data Protection Act 2018, OWASP Top 10. Have a relevant industry certification such as CISSP, CISM, CRISC, BRMP or similar.
Feb 13, 2025
Full time
Head of Security Operations Center (SOC) Location: Manchester (Remote) Department: Information Security Reports To: Chief Information Security Officer (CISO) or Director of Cybersecurity Job Overview: We seek an experienced and strategic leader to serve as the Head of our Security Operations Center (SOC). In this role, you will be responsible for the SOC team's overall management, operations, and direction. You will oversee the monitoring, detection, analysis, and response to cybersecurity incidents and threats, ensuring that our organization's information systems and data remain secure. Your leadership will be instrumental in building a world-class SOC that can proactively identify and mitigate security risks. Key Responsibilities: - Leadership & Strategy: - Develop and implement the overall strategy for the SOC, aligning it with the organization's broader cybersecurity and business objectives. - Lead, mentor, and manage the SOC team, fostering a culture of excellence, continuous improvement, and collaboration. - Define and refine SOC processes, playbooks, and workflows to ensure operational efficiency and effectiveness. - Operational Management: - Oversee the 24/7 operations of the SOC, ensuring that security events and incidents are monitored, detected, and responded to promptly. - Ensure that the SOC has the necessary tools, technologies, and resources to effectively monitor and protect the organization's assets. - Maintain a high level of situational awareness regarding current and emerging threats, vulnerabilities, and attack vectors. - Incident Response & Management: - Lead the response to significant security incidents, working closely with other teams and stakeholders to contain, mitigate, and recover from security breaches. - Coordinate post-incident analysis and reporting, ensuring that lessons learned are documented and applied to improve SOC processes. 
- Establish and maintain strong incident communication protocols, ensuring that relevant stakeholders are informed during and after an incident. - Collaboration & Communication: - Collaborate with other cybersecurity, IT, and business teams to ensure a holistic approach to security across the organization. - Act as a key liaison between the SOC and senior leadership, providing regular updates on the state of security, ongoing initiatives, and incident response efforts. - Represent the SOC in meetings with external partners, auditors, and regulatory bodies as needed. - Continuous Improvement: - Stay up-to-date with the latest cybersecurity trends, technologies, and best practices. - Drive the continuous improvement of SOC capabilities, including the implementation of new tools, technologies, and methodologies. - Oversee the development and execution of training programs to enhance the skills and knowledge of the SOC team. - Budget & Resource Management: - Manage the SOC budget, ensuring that resources are allocated effectively to support SOC operations and initiatives. - Make recommendations for investments in new tools, technologies, and personnel to enhance the SOC's capabilities. Qualifications: - Education: - Bachelor's degree in Computer Science, Information Security, Cybersecurity, or a related field (Master's degree preferred). - Experience: - 5+ years of experience in cybersecurity, with at least 3 years in a leadership role within a SOC or similar environment. - Proven experience in incident response, threat intelligence, and security operations. - Demonstrated success in building, leading, and managing high-performing teams. - Skills: - Strong leadership and management skills, with the ability to inspire and motivate a team. - Deep understanding of security monitoring, detection, and response technologies and methodologies. - Excellent communication and presentation skills, with the ability to convey complex security issues to non-technical stakeholders. 
- Strategic thinking and problem-solving abilities, with a focus on proactive risk management. - Certifications (Preferred): - Certified Information Systems Security Professional (CISSP) - Certified Information Security Manager (CISM) - GIAC Security Operations Certified (GSOC) - Certified Incident Handler (GCIH) Additional Information: - Work Environment: - This role may require availability outside of standard business hours, including evenings and weekends, to respond to critical security incidents. - The position may involve occasional travel to other company locations or conferences. - Benefits: - Competitive salary and executive benefits package. - Opportunities for professional development, including certifications and training. - A dynamic and collaborative work environment with opportunities to shape the future of the organization's cybersecurity strategy.
Feb 13, 2025
Full time
IT Security Engineer (Senior) is required by a Financial Brokerage based in the heart of the city of London, by Bank station paying up to 85k + Bonus + Bens. This Senior IT Security Engineer role offers a unique chance to shape and enhance the security landscape of a forward-thinking organisation. Working closely with the Chief Information Security Officer (CISO) and a dedicated team of 3, this position allows you to make a tangible impact on security strategy and implementation. Why This Role Stands Out: - Influence and Ownership: Take charge of critical aspects of cybersecurity, from network monitoring to cloud security design, and make strategic decisions that drive the company's security posture forward. - Professional Growth: Engage with cutting-edge technologies and methodologies, including AI, machine learning, and advanced analytics, ensuring you stay at the forefront of the cybersecurity field. - Collaborative Environment: Work alongside a team of skilled professionals and security partners, fostering a culture of continuous improvement and shared expertise. - Comprehensive Benefits: Enjoy a competitive salary, professional development opportunities, and a supportive work environment that values work-life balance. Key Responsibilities: - Maintain and monitor network and devices, ensuring robust security patching and vulnerability management. - Develop and implement information security policies, including business continuity and disaster recovery plans. - Provide hands-on expertise in cloud-based technologies (Azure, AWS) with a focus on security, performance, and scalability. - Design and conduct security testing and training for employees. - Perform risk assessments and analyse current security solutions, recommending enhancements. - Support the adoption of new security technologies and best practices. - Stay abreast of the latest cybersecurity threats, trends, and technologies. 
Qualifications: - Bachelor's degree in Technology, Cyber Security, IT, or a related field. - Over 4 years of experience in a cybersecurity engineering role. - Technical certifications such as CISSP, CISM, CEH preferred; AWS/Azure certifications highly desirable. - In-depth knowledge of network systems, security products, and solutions (e.g., SentinelOne, Crowdstrike, M365). - Proficiency in risk assessment tools and techniques. - Experience with firewalls, VPN solutions, and IDS. - Familiarity with cybersecurity frameworks and standards (NIST CSF, ISO 27001, PCI DSS, Mitre ATT&CK). - Strong problem-solving skills and the ability to work under pressure. - Effective communication and documentation skills. - Ability to manage multiple tasks in a fast-paced environment and work both independently and as part of a team. This role is more than just a job; it's a platform to make a significant impact in the cybersecurity domain. If you have the expertise and drive to excel in this dynamic field, consider this your next big career move.
Feb 09, 2025
Full time
Job Details: Chief Information Security Officer (CISO) Vacancy Name: Chief Information Security Officer (CISO) Employment Type: Permanent Location: London Who are we? Ki is the biggest global insurance tech company you've never heard of, unless you've been looking to insure a satellite, wind farm or music festival recently. Having written over $877m in gross written premium in 2023, we've achieved significant growth since our beginnings in 2021. Our investors were excited about the fact we were revolutionising the way a 333 year-old industry was working. There are hardly any industries left that are mainly paper based, but the specialty insurance market is one. Together with partners at Google and UCL we developed Ki and created a platform that helps insurance brokers place risk in a fast and frictionless way. We're continuing to lead the charge on the digitisation of this market and we need more excellent minds to work with us to realise this goal and create more opportunities. What you will be working on: We are currently looking to add a Chief Information Security Officer to our team, holding leadership and operational management of Cybersecurity at Ki including technical security, governance and risk. Acting as a member of Ki's Technology Leadership Team, alongside our Tech Services Director, CTO, Director of Product and Director of Algo Underwriting, you will execute strategic initiatives and ensure alignment of cross-functional teams to Ki's cybersecurity strategy. You will primarily focus on defining and implementing a scalable and cost-effective Cybersecurity vision, strategy and landscape that will enable Ki to meet its business objectives, deliver tangible value and ensure a robust security infrastructure and governance framework is in place in the light of emerging threats and compliance with regulatory requirements. 
This role will also be focused on identifying cybersecurity partners and business development opportunities to generate improved service for clients or additional growth opportunities for Ki, including collaborating with the underwriting team at Ki to develop an increasingly refined view of Cyber risk. Minimum Requirements: If you have proven experience in a senior cybersecurity, IT or Technology leadership role within financial services, insurance or a growth stage technology business we'd love to hear from you. If you are keen to work with our wider leadership team to develop and execute a best in class cybersecurity strategy, for an innovative, growth-stage Insurtech this could be the role for you. Our culture: Inclusion & Diversity is at the heart of our business at Ki. We recognise that diversity in age, race, gender, ethnicity, sexual orientation, physical ability, thought and social background bring richness to our working environment. No matter who you are, where you're from, how you think, or who you love, we believe you should be you. You'll get a highly competitive remuneration and benefits package. This is kept under constant review to make sure it stays relevant. We understand the power of saying thank you and take time to acknowledge and reward extraordinary effort by teams or individuals.
Feb 04, 2025
Full time
We are supporting a large financial services firm that is looking for a CISO to lead a relatively mature cybersecurity function and team. The firm in question is multifaceted with many business areas, and cybersecurity is a central function across the company's subsidiaries. For this reason, a Security Leader who comes from a complex, federated organization is of interest. The selected candidate is expected to own and manage the group's information risk. They will also manage a team comprised of both GRC and technical specialists. You will be the most senior person in security and will liaise with several board committees and present to the CEO. The successful CISO / Head of Information Security must demonstrate a delivery- and outcomes-based approach and must evidence where they have implemented change within an organization. We're searching for a CISO or Senior Information Security Leader who can communicate in business terms with various stakeholders at various levels of seniority, many of whom will be unfamiliar with the technical aspects of cybersecurity. Although this is an established function, there are improvements to be made, including reviewing group-wide security strategies and leading several improvement projects. Experience: Experience performing the duties of a Head of Information Security / CISO within a blue-chip organization. Industry background: Flexible; however, experience as a CISO in a regulated environment such as financial services is highly advantageous. Proven knowledge of security frameworks such as ISO 27001, NIST, COBIT, and PCI Compliance. Good practical knowledge of security technologies and wider business solutions, including SIEM solutions and cloud technologies. This role offers a competitive salary and strong benefits, including an excellent work-life balance. You would be expected to attend the City of London offices approximately twice a week, with some occasional travel to other offices.
Jan 28, 2024
Full time
Interim CISO - Chief Information Security Officer Innovative, forward looking international business Support the Product Development Team About Our Client We are working with a fast growth technology client, who are looking to appoint an Interim CISO to support them. The business is well backed, and will offer the right candidate fantastic exposure to a large global group. Job Description Reporting to the CEO this role will support the business as they take their technical product to market. The role will ensure that the company remains secure, whilst working with the product teams as they finalise their offering. The Successful Applicant The successful candidate will be an experienced CISO with a qualification in the field, and will have worked in fast paced innovative organisations throughout their career. Experience from the technology sector is advantageous. He/she must be happy to be based in London at least 3 days a week, and be comfortable with international travel. What's on Offer Page Executive are inclusive Recruiters and Hirers, as reflected in our Clear Assured Gold Standard Accreditation from the Clear Company. We are passionate about attracting diverse talent and are committed to ensuring our processes are inclusive and supportive. Page Executive is part of the PageGroup. 200 Dashwood Lang Road, Addlestone, Surrey, KT15 2NX
Dec 19, 2022
Full time
NHS Digital is the national digital, data and technology delivery partner for the NHS and social care system. NHS Digital create powerful tools and services that support NHS staff at work, help people get the best care, and use the nation's health data to drive research and improve services. The scope of the products and services provided is vast, from building and running the core IT and data infrastructure, platforms and live services on which the NHS and social care system relies, through to designing and developing digital products that help NHS and care staff do their work and that put people in control of their health and care. With the merger between NHS Digital and NHS England in full flow, we are entering an exciting phase in our development as a trusted delivery partner to the NHS and all those who rely on the unparalleled breadth and depth of the critical services it provides. This is your chance to be part of an organisation that makes a very real and positive contribution to the NHS, every day and on a national scale. The role Reporting to the Executive Director, National Cyber Security Operations for NHSD, you will have full accountability as the CISO to promote trust and resilience in NHS Digital's services and data by providing thought leadership and an integrated security design, risk management and assurance service to the business, extending to include NHS England & Health Education England as the organisations merge. Your responsibilities will include, but not be limited to: Providing strong internal delivery leadership to shape a new security culture, driving continuous security improvement activities across the Directorate and organisation, contributing to the broader culture of the newly merged NHS England. This will role-model a world class function to other NHS organisations. 
Delivering the CISO function for NHS Digital, establishing and agreeing control framework(s) through a comprehensive GRC programme; assessing and evaluating information security risks, identifying control gaps, monitoring compliance, and risk managing these with stakeholders and using a data-driven approach to risk reporting to ensure continuous security improvement. Managing the team that develops and manages Security Policies in line with risk appetite and establishing BISO structures across the newly merged organisations to support the internal risk management and supply chain assurance activities. Building strong and effective relationships with Senior Leaders and teams within NHS Digital, as well as suppliers and security providers to build resilience, capability and strengthen security within NHS Digital, ensuring the best value for money. Leading efforts to internally assess, evaluate and make security recommendations to senior management teams and committees regarding the adequacy of the security controls in their functions and across the organisation. This leadership role, one of being a functional lead as well as being a deputy for the Executive Director Security, brings with it a level of accountability that is integral to the effective operation of the Cyber Operations function and the broader organisation, ensuring functional objectives are delivered with effective governance, risk and compliance factored into all lifecycle and operational management, which will drive best practice data security across NHS Digital directorates, programmes, and services. The successful candidate will be someone with a track-record of successfully implementing security improvements within complex organisations. About you Essential Criteria Leadership & stakeholder management Strong evidence of inclusive leadership, managing & influencing complex stakeholders, developing high performing security teams and contributing to broader corporate leadership. 
You will need to be adept at negotiating & ensuring delivery of security improvements against competing organisational goals. Risk & Change Management Significant experience of actively managing security risks in large organisations, implementing frameworks (e.g. NIST, ISO27001, CAF, Cyber Essentials Plus) proportionately, establishing and delivering risk reduction activities across large organisations and leading assurance & strategic risk reporting work across security domains. CISO Operational & technical security expertise Experience establishing, delivering, and improving enterprise CISO & BISO capabilities including the use of control frameworks, security risk advice to 'secure' and 'assure', and GRC capabilities built on deep technical knowledge. What's in it for you a role as part of a dynamic team using data and digital technology to transform health and care a range of opportunities to build your experience in an environment where your work has a direct and positive impact a real commitment to your personal and professional development with access to a broad range of learning opportunities About us NHS Digital is a great place to work. What we do matters. Our outstanding teams are passionate about technology and public service, making use of everyone's skills to improve people's lives. We collaborate to deliver world class tech and intelligence, so come and join us. We are committed to sustainability, diversity and inclusion; our people are at the heart of what we do. Why you should apply We value the different experiences our people bring to their work at NHS Digital. We're working to create an environment where everyone can make a full contribution no matter their background, identity, or circumstances. Which means, we encourage applications from people of all backgrounds and abilities. Our work matters. You matter. 
What we offer you:
we're moving to a hybrid working approach which offers you an informal, flexible way of blending home and office working
flexible working opportunities - we value and respect the diversity of our employees, and applications from prospective candidates who require flexible working arrangements are welcomed; these include part-time hours, job sharing, flexible hours and part-remote set ups
27 days annual leave increasing to 33 days with service
ability to buy and sell annual leave
a generous pension (with our contribution equal to 20.6% of your earnings)
NHS Discounts including shops, restaurants, gym, mobile phones, and insurance
employee benefit schemes including our Season Ticket Loan, Car Lease and Bike to Work schemes
Dec 01, 2022
Full time
AMBITIOUS? BRIGHT? RIGHT? GAM is one of the world's leading independent, pure-play asset managers. We provide differentiated active investment solutions and products for institutions, financial intermediaries and private investors. Our core investment business is complemented by private labelling services, which include fund administration and other support services to third-party institutions. Together we share a common set of values rooted in teamwork, integrity, entrepreneurial flair and professional excellence. Our employees are our most valuable asset. Being able to offer an attractive work environment where talented minds from various backgrounds are keen to work is key to the long-term success of our company. We firmly believe in the importance of maintaining the open culture of a small company, aiming to avoid bureaucracy and encouraging a flexible, accessible and hands-on working style across the Group. In turn, our people reward us with their loyalty. Function: Information Technology. Department: Information Technology. Purpose: The IT Security team within GAM exists to enable the business in meeting its strategic goals and objectives by developing and operating an appropriate IT security risk framework that allows us to adapt to a changing threat landscape, manage our vulnerability to security events and protect the business from avoidable loss and brand damage. We seek to enable change, safeguard data, protect shareholder and client value and ensure regulatory compliance through the operation of the IT security risk framework. The Chief Information Security Officer (CISO) is a key role within the company, and the role holder will be responsible for owning and operating the IT security risk framework, including our threat intelligence, vulnerability management and incident response processes. Main Duties & Responsibilities. Strategic responsibilities: Maintain the IT security framework, providing ongoing analysis of emerging threats, risks and control gaps.
Define and steer the IT security programme to implement technical security solutions and controls aligned to industry best practice and the emerging threat landscape. Chair the Cyber Security Steering committee and represent IT Security at appropriate Risk oversight committees and boards. Collaborate with the 2nd line of defence Information Security team, part of the GAM Risk function, in the development, implementation and ongoing assessment of security policies, procedures and standards across GAM's IT estate and business. Provide IT security requirements to IT projects and ensure their appropriate implementation. Operational responsibilities: Act as 1st line of defence for IT security, partnering with and providing challenge, support and advice to the business and IT teams to identify and manage the mitigation of security risks. Monitor infrastructure and applications to ensure that appropriate security levels are maintained and that security events are triaged and investigated in a timely manner. Act as control and process owner for security incident investigation. Maintain skills in evidential chain of custody, malware analytics and mobile device data recovery. Collaborate with IT and business peers to manage security vulnerabilities, events or investigations. Act as control and process owner for security incident management and response. Work closely with key stakeholders to ensure incident response plans are up to date and are effectively tested, including facilitation of tabletop exercises to simulate incident response in conjunction with the business continuity lead. Manage and oversee the day-to-day activities of any IT security outsourced suppliers (e.g. the Security Operations Centre and Threat Intelligence suppliers). Implement and provide MI reporting on the effectiveness of GAM's IT security controls framework, including the operation of controls and compliance with policies, procedures and standards. 
Participate in internal security assessments, internal audits, client audits, compliance certifications, third-party risk management and client security questionnaire responses. Management responsibilities: Manage IT Security Analyst(s) in support of IT security operations and the delivery of IT security solutions to the business. Progress IT Security Analyst(s)' professional development to ensure the team remains current in trends, techniques and technologies. Facilitate strong collaborative relationships between IT Security, IT, GAM business stakeholders and 3rd parties to support GAM in achieving its goals. Qualifications & Experience: Educated to degree level in a Computer Science, Computer Security related field. Technical certifications such as CISA, CompTIA S+, SANS GIAC Series. Proven experience of working with IT security systems and information security governance, i.e. control frameworks, incident management, operations and application of security best-practices. Experience within financial services and operating in a highly regulated environment. Solid experience of security engineering, in support of technologies and controls such as Network and Application firewalls, IDS/IPS, Web Proxy, Vulnerability Scanners, HIPS, Microsoft Active Directory services, SSL VPN, Endpoint Protection, Encryption technologies. Strong analytical and problem-solving skills and can interpret and apply complex technical information and is able to explain security functionality from first principles. Experience working with SIEM technologies and SOC providers. Solid 1st line management experience working to support the development and direction of both directly employed and third party employed IT security professionals. Benefits: GAM offers a comprehensive range of benefits and performance-based compensation, along with a variety of lifestyle and family benefits to promote well-being in and out of the workplace. These benefits vary according to local market conditions.
Please contact the local Human Resources team for further details. Employing Company/ies: GAM (UK) Limited. Reporting to: Global Head of Technology. Contract: Permanent.
Sep 16, 2022
Full time
Job Description Due to growth we are now recruiting a Chief Information Security Officer (CISO) to lead and manage the IT Risk & Security team, and be a key member of the Technology Services management team here at AJ Bell. The Chief Information Security Officer (CISO) is responsible for the development and implementation of AJ Bell's IT security strategy to protect the business against internal and ex...... click apply for full job details
Dec 04, 2021
Full time
Job Description Due to growth we are now recruiting a Chief Information Security Officer (CISO) to lead and manage the IT Risk & Security team, and be a key member of the Technology Services management team here at AJ Bell. The Chief Information Security Officer (CISO) is responsible for the development and implementation of AJ Bell's IT security strategy to protect the business against internal and...... click apply for full job details
Dec 04, 2021
Full time