Chief Information Security Officer (CISO)

GAM is one of the world's leading independent, pure-play asset managers. We provide differentiated active investment solutions and products for institutions, financial intermediaries and private investors.

Our core investment business is complemented by private labelling services, which include fund administration and other support services to third-party institutions. Together we share a common set of values rooted in teamwork, integrity, entrepreneurial flair and professional excellence.

Our employees are our most valuable asset. Being able to offer an attractive work environment where talented minds from various backgrounds are keen to work is key to the long-term success of our company. We firmly believe in the importance of maintaining the open culture of a small company, aiming to avoid bureaucracy and encouraging a flexible, accessible and hands-on working style across the Group. In turn, our people reward us with their loyalty.

Function:

Department:

Purpose

The IT Security team within GAM exists to enable the business in meeting its strategic goals and objectives by developing and operating an appropriate IT security risk framework that allows us to adapt to a changing threat landscape, manage our vulnerability to security events and protect the business from avoidable loss and brand damage. We seek to enable change, safeguard data, protect shareholder and client value and ensure regulatory compliance through the operation of the IT security risk framework.

The Chief Information Security Officer (CISO) is a key role within the company, and the role holder will be responsible for owning and operating the IT security risk framework, including our threat intelligence, vulnerability management and incident response processes.

Main Duties & Responsibilities

Strategic responsibilities:

• Maintain the IT security framework, providing ongoing analysis of emerging threats, risks and control gaps.

• Define and steer the IT security programme to implement technical security solutions and controls aligned to industry best practice and the emerging threat landscape.

• Chair the Cyber Security Steering committee and represent IT Security at appropriate Risk oversight committees and boards.

• Collaborate with the 2nd line of defence Information Security team, part of the GAM Risk function, in the development, implementation and ongoing assessment of security policies, procedures and standards across GAM's IT estate and business.

• Provide IT security requirements to IT projects and ensure their appropriate implementation.

Operational responsibilities:

• Act as 1st line of defence for IT security, partnering with and providing challenge, support and advice to the business and IT teams to identify and manage the mitigation of security risks.

• Monitor infrastructure and applications to ensure that appropriate security levels are maintained and that security events are triaged and investigated in a timely manner.

• Act as control and process owner for security incident investigation. Maintain skills in evidential chain of custody, malware analytics and mobile device data recovery. Collaborate with IT and business peers to manage security vulnerabilities, events or investigations.

• Act as control and process owner for security incident management and response. Work closely with key stakeholders to ensure incident response plans are up to date and are effectively tested, including facilitation of tabletop exercises to simulate incident response in conjunction with the business continuity lead.

• Manage and oversee the day-to-day activities of any IT security outsourced suppliers (e.g. the Security Operations Centre and Threat Intelligence suppliers).

• Implement and provide MI reporting on the effectiveness of GAM's IT security controls framework, including the operation of controls and compliance with policies, procedures and standards.

• Participate in internal security assessments, internal audits, client audits, compliance certifications, third-party risk management and client security questionnaire responses.

Management responsibilities:

• Manage IT Security Analyst(s) in support of IT security operations and the delivery of IT security solutions to the business.

• Progress IT Security Analyst(s)' professional development to ensure the team remains current in trends, techniques and technologies.

• Facilitate strong collaborative relationships between IT Security, IT, GAM business stakeholders and 3rd parties to support GAM in achieving its goals.

Qualifications & Experience

• Educated to degree level in a Computer Science, Computer Security related field

• Technical certifications such as CISA, CompTIA S+ SANS GIAC Series

• Proven experience of working with IT security systems and information security governance, i.e. control frameworks, incident management, operations and application of security best-practices.

• Experience within financial services and operating in a highly regulated environment

• Solid experience of security engineering, in support of technologies and controls such as Network and Application firewalls, IDS/IPS, Web Proxy, Vulnerability Scanners, HIPS, Microsoft Active Directory services, SSL VPN, Endpoint Protection, Encryption technologies

• Strong analytical and problem-solving skills and can interpret and apply complex technical information and is able to explain security functionality from first principles.

• Experience working with SIEM technologies and SOC providers

• Solid 1st line management experience working to support the development and direction of both directly employed and third party employed IT security professionals

Benefits

GAM offers a comprehensive range of benefits and performance-based compensation, along with a variety of lifestyle and family benefits to promote well-being in and out of the workplace. These benefits vary according to local market conditions. Please contact the local Human Resources team for further details.

Employing Company/ies:

Reporting to:

Contract: