Head of IT Security

Permanent
£80,000 - £100,000 per annum
JTHOIS0001_1600785318

London

The details


OVERVIEW
This role is required to create and develop a cyber security team that carries out a variety of tactical, operational and strategic activities in support of the CISO's and IT's program initiatives.

RESPONSIBILITIES

■ Strategic Support ■
● Work with the CISO to develop a security program and security projects that address identified risks and business security requirements.
● Manage the process of gathering, analysing and assessing the current and future threat landscape, as well as providing the CISO with a realistic overview of risks and threats in the enterprise environment.
● Develop budget projections based on short- and long-term goals and objectives.
● Monitor and report on compliance with security policies, as well as the enforcement of policies within the IT department.
● Propose changes to existing policies and procedures to ensure operating efficiency and regulatory compliance.
● Manage a staff of information security professionals, hire and train new staff, conduct performance reviews, and provide leadership and coaching, including technical and personal development programs for team members.

■ Security Liaison ■
● Assist product owners and IT staff in understanding and responding to security audit failures reported by auditors.
● Work as a liaison with vendors and the legal and purchasing departments to establish mutually acceptable contracts and service-level agreements.
● Manage production issues and incidents and participate in problem and change management forums.
● Serve as an active and consistent participant in the information security governance process, working with the CISO and IT and business stakeholders to define metrics and reporting strategies that effectively communicate successes and progress of the security program.

■ Architecture / Engineering Support ■
● Consult with IT and security staff to ensure that security is factored into the evaluation, selection, installation and configuration of hardware, applications and software.
● Recommend and coordinate the implementation of technical controls to support and enforce defined security policies.
● Research, evaluate, design, test, recommend or plan the implementation of new or updated information security hardware or software, and analyse its impact on the existing environment; provide technical and managerial expertise for the administration of security tools.
● Work with the enterprise architecture team to ensure that there is a convergence of business, technical and security requirements; liaise with IT management to align existing technical installed base and skills with future architectural requirements.

■ Operational Support ■
● Coordinate, measure and report on the technical aspects of security management.
● Manage outsourced vendors that provide information security functions for compliance with contracted service-level agreements.
● Manage and coordinate operational components of incident management, including detection, response and reporting.
● Maintain a knowledgebase comprising a technical reference library, security advisories and alerts, information on security trends and practices, and laws and regulations.
● Manage the day-to-day activities of threat and vulnerability management, identify risk tolerances, recommend treatment plans and communicate information about residual risk.
● Manage security projects and provide expert guidance on security matters for other IT projects.
● Assist and guide the disaster recovery planning team in the selection of recovery strategies and the development, testing and maintenance of disaster recovery plans.
● Ensure audit trails, system logs and other monitoring data sources are reviewed periodically and are in compliance with policies and audit requirements.
● Design, coordinate and oversee security testing procedures to verify the security of systems, networks and applications, and manage the remediation of identified risks.

REQUIREMENTS


■ Knowledge & Experience ■
● Demonstrate extensive experience in the IT industry with expertise in many areas of security and IT Technologies.
● Experience in translating business needs into IT solutions.
● A broad understanding of the latest developments in technologies, industry specific issues, competitor and vendor activity and initiatives.
● Experience in design, strategy and security related activities.
● Demonstrate a good knowledge of IT industry trends, suppliers and products.
● Good knowledge of industry products and services advantageous.
● Ability to analyse trends, identify causes of risks and problems, and make recommendations for relevant actions for the betterment of the company.
● Ability to manage and build out teams as deemed necessary.


