
Our partner, a leading Insurance Group, is looking for an experienced information security Team Leader with experience of DEV/OPS and Agile delivery methodologies:

To define, maintain and ensure the integrity and consistency of end to end Information Security solutions in order to satisfy project and/or change programme requirements.
To ensure alignment to the Information Security reference and governance frameworks, enterprise security architecture, relevant regulatory requirements and best practice.
To be recognised as a subject matter expert and a key relationship holder between the business functions and CISO.
To provide advice, support and guidance to Security Solution Consultants and other team members.
To manage a small team of Security Consultants.

Required Skills/Competencies

Proven track record of information security experience and to be seen as a subject matter expert.
Experience of DEV/OPS and Agile delivery methodologies.
Experience in working on project/change management programmes.
Ability to manage competing deadlines and prioritise responsibilities to effectively meet business needs.
Team player, shares knowledge and has the ability to deliver projects and to work within integrated, multi-disciplinary project teams.
Ability to manage people; previous Team Leading background is required.
Strong drive and resilience to overcome challenges or setbacks to achieve your team/project goals.
Strong inter-personal skills demonstrating a high degree of credibility.
Proven ability to manage stakeholder engagement effectively.
Ability to work both independently and as part of a team at all levels and across all business units.
Strong communication skills, both written and oral, demonstrated through ability to present concisely and appropriately to target audience.
Ability to build and maintain effective working relationships.
Strong analytical skills to gather information and perform detailed data analysis to provide business performance insights.
Ability to provide accurate reports and metrics to lead to the right recommendations and decisions.

Desirable Skills/Competencies

Experience in working in Business/Information Technology strategic planning.
Experience in a highly regulated business environment, ideally gained in financial services.

Qualifications/Certifications

Undergraduate degree (preferably 2:1 or higher) in a relevant field (e.g. Computer Engineering, Computer Science, Information Security) or in a STEM major (Science, Technology, Engineering, or Math) is strongly preferred.
Security certifications such as CISM, CISSP, M.Inst.ISP, CISA, CEH by a recognised professional body are required.
Project Management certifications such as PRINCE2, Agile Project Management (AGPM) or similar certifications are desirable.

Key Accountabilities

Business Engagement

Acts as the primary interface to the business for CISO for all project and change programmes.
Responsible for providing expert advice and guidance to all areas of the business on Information Security.
Documents information security risk assessments identifying any issues or risks that need to be articulated to senior management for remediation and/or to follow formal risk acceptance governance processes.
Responsible for managing, on behalf of the project or change programme, any penetration testing requirements, engaging with third parties, managing Security Engineering and the business to remediate any risks/issues identified before go-live.
Clearly communicates security solution designs, key recommendations and approaches to interested parties, stakeholders, project bodies and relevant governance forums.
Participates in relevant governance boards and forums.

Security, Risk & Control

Identifies and implements opportunities for innovation and continuous improvement in the delivery of appropriate Information Security solutions.
Interprets the information security reference and governance frameworks and liaises with all relevant parties to ensure solutions are delivered securely and appropriately.
Supports delivery of projects and change programmes ensuring that they align to the security architecture framework and that solutions meet relevant information security principles.
Identifies information security gaps and advises on design of new controls and processes to be implemented by internal teams or third parties to facilitate remediation.
Contributes to the creation of detailed metrics and reports based on information security risk analysis to reduce and mitigate risk.

Stakeholder Management

Develops and maintains relationships with relevant functions to ensure successful delivery of Information Security into projects and change programmes.
In collaboration with first line Risk, jointly responsible for engaging with the business to highlight information security risks to ensure they are making informed decisions around technology and implementation choices.