Head of Information Security

---

Job description

Head of Information Security

Our client is a global education provider delivering world-class professional apprenticeships, qualifications, degree programmes and professional development, as well as providing professional training materials which are studied across the globe.

Our client's courses are delivered through a blend of Face-to-Face, Online and In-Classroom setting, including our award-winning virtual classrooms.

They work with 80% of the FTSE 100 companies and include many disciplines and sectors within our scope including financial services, public sector, health and social care, industry and commerce, law and the professions.

The perfect candidate will:

* Be the authoritative voice on security matters for our client.
* Be conversant with modern security requirements and processes including ISO standards
* Manage the governance process for IT security across existing services & new opportunities, such as leading on threat modelling exercises and owning all security testing activities.
* Be fluent in technical security standards such as OWASP
* Continually improve upon and embed industry standard information security practices across the group
* Be aware of and conversant with the security services marketplace and developments.
* Own any security contract relationships to ensure adherence to contracts and requirements.
* Develop security Monitoring and Threat monitoring solutions.
* Ensure Processes are in place to ensure actions are taken and closed out when threats are identified, for example following a penetration test.
* Liaise with Client CSO level employees to ensure visibility of security activities and that they meet client contractual requirements and expectations.

Responsibilities\/Accountability:

* Ownership of the company security strategy & roadmap in line with emerging threats & the changing landscape of IT and Business Services.
* Ownership of client facing security structures for to include incident reporting, monitoring and client risk alerts.
* Review, assess & recommended action for operational delivery services to ensure they are following security best practice & company policies, building security in to day to day thinking and practices across delivery.
* Working closely with the IT Team to continually develop the security systems and processes
* Own proactive communication of appropriate threats to staff\/students on a regular basis, to ensure information security is embedded within The Group
* Establish themselves as the go to individual for all security questions relating to both client and supplier contracts
* Partner with multiple projects and initiatives to apply security architecture requirements, develop solutions, integrate security into solution designs, access risks of security gaps, and develop architecture remediation.
* Annual security testing
* Lead security initiatives and ensure their successful execution.

Skills, experience and qualifications required

* Significant experience in a senior IT security related role in a large multi sector environment.
* Demonstrates knowledge of IS027001, BS25777 & PCI-DSS.
* Demonstrates thought leadership in all aspects of security i.e. IAM, network, data etc
* Significant experience in information and cyber security.
* Can demonstrate extensive DLP experience in complex organisations
* Ability to manage and deliver projects, including development of project plans, project goals and objectives, tasks, required resources, and timelines for completion.
* Understanding of the Techniques, Tools and Processes in use by hackers.
* Good understanding of security related technology like firewalls, WAFs, IDS\/IPS systems, SIEM systems, etc. Hands-on experience in one of these domains is always a plus.
* Analytical thinking and problem solving skills with focus on results and customers.
* Overseeing and conducting risk management activities (risk assessment, gap analysis, business impact analysis, threat and vulnerability evaluations, etc.)
* Excellent Communications skills to C level within client organisations.
* Excellent presentation skills.

* Educated to degree level with considerable professional experience gained operating at a senior level in private or public sector with a demonstrable track record of managing risk & operational security services is essential.
* Industry accepted IT Security certification e.g. CISSP. CISM or ISSMP.

Hays Specialist Recruitment Limited acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept the T&C's, Privacy Policy and Disclaimers which can be found at hays.co.uk

<!– job description page –>