Information Security Officer (ISO) / Information Technology Security Office London, England
Job description
Job Summary
To operate according to established controls that enable ERGO UK and clients to treat customers fairly and keep the customers at the centre of ERGO’s and clients’ businesses.
To demonstrate a high work ethic and possess core knowledge and skills to support strategic objectives.
Duties and Responsibilities
· Regular travel between the Birmingham and London offices, as well as travel to the head office in Germany, as and when necessary.
· Any other duties that your manager may reasonably require.
· Coordinate the continuous development, implementation and updating of security and privacy policies, standards, guidelines, baselines, processes and procedures in compliance with local and governmental regulations and standards for Group information systems.
· Develop and manage the security frameworks, processes, tools and consultancy necessary for IT to properly manage risk and to make risk-based decisions related to IT activities.
· Proactive identification and mitigation of IT risks as well as responding to observations identified by third party auditors or examiners while assisting in the development of periodic reports and dashboards presenting the level of controls compliance and current IT risk posture.
· Assist senior management and staff with the audits and facilitate management response and remediation efforts. Ensure overall IT compliance with regulatory requirements through proactive planning and communication, ownership and relationships.
· Broaden and deepen knowledge of the business and environment of IT with respect to the secure delivery of projects, strategic initiatives and systems portfolio to effectively assist senior managers and staff with risk and compliance management.
· Identify acceptable levels of residual risk and assist with action plans, policy and procedural changes for risk mitigation. Provide strategic security recommendations to key IT projects to help improve project results, quality of deliverables, risk optimisation, security processes and compliance with regulations.
· Receive notification of security incidents and conducts complex investigations; prepares written findings, recommendations and follow up evaluation; and analyses patterns and trends.
· Coordinate information security incident response and reporting for events or exploited vulnerabilities including unauthorised system or network access, denial of service, inappropriate data access, data corruption, and/or collection of private or confidential information.
· Works as a liaison with local and governmental authorities requiring information and reports on security incidents to include FCA or local governmental and regulatory authorities.
Skills & Expertise
· Experience in information security governance, risk, compliance including information security policy development and implementation.
· Have experience helping a business to operate more securely and to enable the security elements to help others achieve their business objectives in a secure fashion.
· Knowledge and understanding of financial and insurance industry information security, governance, risk and compliance practices and standards.
· Knowledge of laws and regulations including but not limited to: GDPR, PRIN Principles for Businesses, SYSC Senior Management Arrangements, Systems and Controls.
· Experience with development and the implementation of security awareness programs. Also to then align the security awareness programs to help mitigate specific security risks to the business.
· Excellent organisational and communication skills (both oral and written).
· Strong interpersonal skills and the ability to effectively communicate at different levels throughout the organisation.
· Proven problem solver with ability to provide in-depth analysis of complex problems, manage risk and provide timely and accurate decisions.
· Knowledge of IT processes and controls and strong understanding of risk and control frameworks such as (CoBIT, ISO, NIST, ITIL, PCI).
· General knowledge of information security regulatory requirements and compliance to standard frameworks such as ISO/IEC 27001/2, CIS Critical Security Controls (CIS Controls) and NIST CSF including 800-53.
· Possess Certified Information Systems Security Professional (CISSP) or other information systems security certifications such as Certified Information Security Manager (CISM).
· Ability to ensure standards and parameters for any systems on the corporate network are correct and as close to flawless as reasonably can be expected.
· Have an understanding of security technology controls which could be applied to reduce risk.
Benefits Provided:
- Pension
- Medical Cover
- Life Insurance
- Leisure Allowance
- Season Ticket Loan
- Group Income Protection/EAP
- Group Life Insurance
- BUPA Health Assessment
- Childcare Vouchers
- Season Ticket Loan
- Eye Test Voucher
Job Type: Full-time
Salary: £55,000.00-£65,000.00 per year
Schedule:
- Monday to Friday
Ability to commute/relocate:
- London: reliably commute or plan to relocate before starting work (required)
Experience:
- Information Security, Compliance, Risk, Governance (required)
- Cybersecurity Practitioner (5 Years) (required)
Work Location: Hybrid remote in London
