Director of Information Security
One of my FTSE 250 clients is currently recruiting for a Director of Information Security to join their team where you will be responsible for developing and maintaining effective policies and procedures on information security, risk and privacy for the business. They are initially looking for a contractor until they find the right permanent profile and have a competitive budget to play with. You will take a pragmatic approach to security and host a wealth of information security experience with a heavy focus on risk management/governance/data protection and GDPR.
- To provide advice and guidance to the business on information risk, compliance & privacy.
- To provide independent assessment of IT and information risk and privacy and its management
- Manage and drive the execution and compliance of the company against the Information Security Standards and recommend appropriate solutions.
- Act as the interface with other departments regarding cyber security, information security, compliance and privacy.
- Support business areas in the identification and analysis of information risks and data protection concerns.
- Manage and maintain the Information Security Policy Framework.
- Develop, maintain and support the Data Protection, PCI DSS and information security polices, standards and guidelines as well as education, awareness and assurance programmes.
- Co-ordinate the reporting of security vulnerabilities and issues working closely with IT and Risk departments to recommend appropriate solutions.
- Provide regular and timely reports to senior management, risk committee and other interested parties on information risk & privacy status and issues
- Review and modify information security clauses in client and third party contracts
- Extensive knowledge on information security management standards
- A strong understanding of information risk related legislation.
- Experience with strategic security planning with proven ability to work collaboratively with other departments to resolve complex issues with innovative solutions
- Strong leadership skills with proven experience working in a senior security management position.
- Experience and understanding of the information risk implications of third party relationships and the management strategies required.
- An understanding of the business drivers for appropriate business areas.
- Knowledge of security investigation techniques, the rules of evidence and practical experience of computer forensics would be useful