Our client is a major asset management company seeking a European regional CISO, Head of Security & Fraud, for a newly created leadership position based in London.
Official job title: Head of Enterprise Security & Fraud (Europe)
The firm is looking for a talented leader to build an effective Enterprise Security and Fraud program to support the Europe business, including operations, oversight, communications, education and consulting for IAM, Cyber Security, Physical Security, Fraud, 3rd Party Assurance and Crisis Management.
• Lead the teams operating in a matrix environment across the globe.
• Lead cross-functional ES&F teams and partner effectively with the heads of security & risk related functions (e.g., Enterprise Risk Management, IT Controls, Compliance, Audit, Contingency, Legal) to address critical security risks and help drive a global cohesive agenda. Align the program with audit and regulatory drivers. Respond to global audit or regulatory issues or findings that arise. Coordinate the use of outside consultants as appropriate for independent security audits and assessments; as required, lead contractors. Serve as primary contact for maintaining and coordinating security operations for the firm in the event of an emergency in Europe.
• Lead global strategy development and execution.
• Manage the efficiency and effectiveness of the department and performance of the organization. Set measurable goals and examine ways to raise standards, to increase quality and to improve overall performance of the department. Monitor team progress and measure team and departmental success in identifying and managing risk exposure for the region.
• Partner with peer groups and various other teams on business strategies and projects crafted to help grow the Europe region.
• Conduct benchmarking, gap and vulnerability assessments, key control and control environment assessments, risk prioritization, and mitigation planning and execution.
• Act as liaison with local law enforcement and intelligence counterparts, in-country security, and private sector security liaison partners in the event of a threat or high-risk situation. Develop, influence, and nurture trust-based relationships with business unit leaders, government officials and professional organizations. Connect and represent the firm with relevant regulators on security matters and controls.
• Act as a member of Risk Committee and Europe Executive Risk Committee and as a liaison between IT and Europe business areas on security matters.
• Prepare and deliver presentations to a variety of management and governance forums (including UK Board, Risk Committee, and Client Due Diligence meetings) on department strategy and planning, status, and issues. Support development of senior management presentations.
• Plan, develop and execute short- and long-range goals/strategies to meet department and corporate objectives. Also recommend solutions within established timeframes and budgetary controls.
• Develop & drive security Governance based on local regulatory requirements, in partnership with the US-based ES&F Governance Risk & Compliance team.
• Act as a liaison with local clients to coordinate RFP inquiries, engaging with US-based ES&F Governance Risk & Compliance team to produce RFP responses.
• Coordinate with US-based Controls Assurance team to document key controls, perform controls testing, and report on controls effectiveness.
• Coordinate with US-based Third Party Risk Management and Third Party Security Management teams to support vendor security assessments and vendor oversight.
Skills & Experience
• Ten years related work experience, with five years in information security and/or fraud investigation and prevention experience preferred. People leadership experience required.
• Financial services and regulatory experience - FCA required, BaFin preferred
• Undergraduate degree or equivalent combination of training and experience. Graduate degree preferred.
• This role encompasses activities that fall within the remit of UK Financial Conduct Authority ('FCA') regulation. The successful candidate will therefore be subject to UK regulatory requirements in relation to conduct rules, regulatory references and the assessment of fitness and propriety, knowledge, experience and competence. Where appropriate, the role may also be subject to approval by the UK FCA.