XTN-D7C7735

Sodali & Co is a leading provider of strategic advice and shareholders services to corporate clients around the world. Our firm provides corporate boards and executives with strategic advice and services relating to a broad range of activities including mergers and acquisitions annual and special meetings shareholder activist initiatives multinational cross-border equity transactions and debt restructuring services. From headquarters in New York and offices and partners in major capital markets across APAC and EMEA we service more than 1000 corporate clients in 80 countries including many of the world’s largest multinational addition to publicly listed and private companies its clients include mutual funds ETFs stock exchanges and membership associations.

The ISO is a mid senior-level candidate who will be responsible for developing and implementing our information security program which includes procedures and policies designed to protect enterprise communications IT systems and company and customer assets from both internal and external threats.

MONETARY BENEFITS

Leave Monetization of Sick Leaves

Premium Benefits (eligibility as applicable)

13th MonthPay

NON-MONETARY BENEFITS

HMO Principal

HMO Dependent

Carry Over of Leaves

Paid Leave Credits

Special Leaves

Birthday Leave

Responsibilities include but are not limited to:

• Leads the information security function across the company to ensure consistent and high-quality information security management in support of the business goals
• Develop implement and monitor a comprehensive enterprise information security program that aligns with strategic plan and best-in-class compliance and industry requirements.
• Maintain our ISO 27001 SOC2 Type GDPR and UK Cyber Essential certification and related activities. – Non-Negotiable
• Manage our annual internal and external penetration test and remediation.
• Monitor the external threat environment for emerging threats and advise relevant stakeholders on the appropriate courses of action
• Define and facilitate the information security risk assessment process including the reporting and oversight of treatment efforts to address findings with appropriate compliance business partners
• Manage security incidents and events to protect corporate IT assets including intellectual property regulated data and the companys reputation
• Coordinates the development of implementation of incident response plans and procedures to ensure that business-critical services are recovered in the event of a security event; provides direction support and in-house consulting in these areas
• Develops implements and enhances an up-to-date information security management framework
• Create implement and manage confidentiality data safeguarding and data retention policies and procedures
• Develop maintain and roll out training and activities for information security awareness within the organization
• Evaluates security trends evolving threats risks and vulnerabilities and applies tools to mitigate risk as necessary.
• Provide regular reporting on the current status of the security program to relevant stakeholders as part of a strategic enterprise risk management program. Facilitate a metrics and reporting framework to measure the efficiency and effectiveness of the program facilitate appropriate resource allocation and increase the maturity of the security

• Experience in working in an international organizations is an advantage.
• Demonstrated ability to build successful cybersecurity programs
• Expert understanding of cybersecurity concepts principles and practices.
• Strong decision-making capabilities with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one
• Excellent conceptual problem-solving skills with demonstrated ability to bring structure to vaguely defined problems pragmatically scope problems and manage execution
• Organizational and political agility; developed negotiation and influence skills
• Unquestionable personal code of ethics integrity diversity and trust
• Able to successfully navigate within varying degrees of ambiguity in a fast-paced environment
• Experience of formal risk assessment methodologies.
• In depth understanding of networks databases and business applications as they relate to security. Excellent understanding of computer networking concepts and protocols and network security methodologies.
• Ability to work in a cross-functional matrix environment
• Excellent understanding of vulnerability management and associated tools and solutions.
• Deep expertise with Azure platform.
• Keeps up to date on all matters pertaining to IT security.
• Knowledge of leading practice incident management processes.
• Solution driven with demonstrated ability to meet deadlines and deliver results.

• Bachelor’s degree or equivalent program in Computer Science Business Information Systems Information Security or Information Technology
• Relevant Professional certification essential: CISSP CISA CISM or CRISC
• Minimum 10 years in a Senior Information Security or similar role.
• Experience in setting up and managing information security in a financial services organization.
• Excellent knowledge and experience of ISO27001 SOC2 Type 2 and GDPR
• Knowledge of national and international laws regulations policies and ethics as they relate to cybersecurity.
• Knowledge of Risk Management Processes (eg methods for assessing and mitigating risk)