Head of Information Security
The Head of Information Security role:
We have a great opportunity for an Information Security Officer to assist BABB in developing, implementing and monitoring a comprehensive enterprise-wide information security programme, based on accepted industry standards, and frontier technology, to ensure the availability, integrity and confidentiality of information owned, controlled and processed by the organisation.
You will help the organisation achieve and maintain Industry and Government approved Cyber Essentials+ accreditation.
You will also assist in delivering education/training programs for all employees, business partners, alliances, or other third parties, to ensure appropriate awareness of security policies, procedures and standards, and to create general information security awareness within the organisation as well as any third-party engagements.
Babb is innovating in the financial services sector using leading-edge technologies including crypto, blockchain and DLT components. Our HSIT needs to have a proficient understanding of the security considerations, requirements and measures required to secure these technologies.
What we’re looking for in and expecting from our Information Security Officer:
– Creating and implementing a strategy for the deployment of information security technologies for Babb.
– Performing IT security risk assessments and reporting on ways to minimise and mitigate threats.
– Monitoring and reporting on security vulnerabilities and hacking threats in network and host systems.
– Tracking latest IT security innovations and keeping abreast of latest cyber security technologies.
– Ensuring business continuity.
– Communicating with key stakeholders about IT security threats.
– Implementing an effective process for the reporting of security incidents.
– Overseeing the investigation of reported security breaches.
– Developing strategies to handle security incidents and trigger investigations.
– Managing the IT security team, security experts and advisors.
– Complying with the latest regulations and compliance requirements.
– Championing and educating the organisation about the latest security strategies and technologies.
– Managing the daily operation and implementation of the IT security strategy.
– Conducting a continuous assessment of current IT security practices and systems and identifying areas for improvement.
– Running security audits and risk assessments and reporting back to management.
– Delivering new security technology approaches and implementing next generation solutions.
– Overseeing the management of the IT security department, giving leadership to the team and developing staff.
– Ensuring compliance and governance is met.
– Driving change projects and building new IT capabilities.
– Developing and implementing business continuity plans to ensure service is continuous when a change programme is introduced, or a security breach occurs or in the event that the disaster recovery plan needs to be triggered.
– Protecting the intellectual property of the organisation at all times.
– Devising strategies and implementing IT solutions to minimise the risk of cyber-attacks, including but not limited to those related to crypto, blockchain and distributed ledger technologies.
– Reviewing, analysing and delivering data information.
– Communicating digital programmes and strategy to a range of stakeholders.
– Managing the IT security budget and communicating this with the appropriate parties.
– Reporting to the board and being an active member of the senior management team.
– A passion for technology and security safeguarding with a desire to deliver.
– Thrives on change, showing an impressive ability to drive the IT security strategy forward.
– Analytical mind capable of managing numerous information sources and providing data analysis reports to senior management.
– Experience implementing best practice and compliance in Information Security.
– An understanding of, or practical experience of, applicable UK laws, regulations and standards (e.g. Cyber Essentials, PCI-DSS and GDPR).
– Knowledge and experience of G Suite, Office 365, Azure and/or AWS.
– An understanding of IT functions, how Information Security integrates and supports these areas.
– Excellent written and communication skills tailored to the desired audience.
– Able to listen to, understand and respond to business requirements, willing to negotiate and influence compromise across conflicting requirements to produce high level and innovative solutions/approaches.
– Confident in the use of different communications channels e.g. blogs, podcasts, online training and social media.
– Ability to work with and willing to travel across all support functions in the business and subsidiaries.
– Excellent communication skills – providing verbal and written communication that is outstanding to both direct reports and senior management as well as other stakeholders. A persuasive, articulate communicator who is adept at communicating information security related concepts to a diverse group of stakeholders (including non-technical audiences) and executive directors.
– Flexible and adaptable – capable of changing direction where required and showing flexibility to meet new demands.
– Forms business partnerships that help drive the IT security strategy forward.
– Strong interpersonal, presentation and leadership skills – service orientation, collaboration, facilitation, and negotiation skills.
– Can make decisions that are well informed and timely.
– Creative thinking – able to look at alternatives and consider new ways of thinking to problem solve.
– Multi-tasking – can manage several concurrent projects and prioritise demands.
– A proactive mindset – able to raise awareness not just of the issues that affect Babb now but also future issues.
– A Bachelor’s degree is a minimum with many organisations selecting candidates with a computer science degree or a qualification in a related subject.
– A Master’s degree in business administration or relevant security qualification is highly desirable.
This level of seniority usually demands a relevant amount of proven IT security experience, preferably more than 5 years. Change management and business process experience is ideal together with a proven track record.
Experience of managing a team:
A proven record of dealing with complex projects and meeting conflicting demands.
Working hours are typically contracted as a normal working week – Monday to Friday 9:00am to 6:00pm – but a HIS is expected to work extended hours to match the peaks and troughs of project flows, typically when a new system is implemented, to ensure business continuity.
We are offering a competitive market related salary for this position.
You can send your CV to: