Information security officer Rainbow SBS UK

SBS is embarking on delivering a significant programme of work over the next 2 years which will improve the experience of millions of customers in the UK. We are looking for an Information Security Officer (ISO) to lead the development of the programmes security posture ensuring appropriate certifications processess and operating model are in place.

The ISO plays a critical role in ensuring a highly effective and secure service for one of our major UK clients. Reporting directly to the Head of Service line and program manager and facing off to senior stakeholders across Europe including the CISO the ISO will be expected to demonstrate Leadership strategic planning and experience in establishing Information Security Management Systems which comply with government standards.

The role will require the candidate to travel occasionally within both the UK Belgium and France.

High-Level Objectives:

• Responsible for all aspects of Security delivery for the Major UK Client.
• Be the go-to authority for all Security-related issues and strategies regarding service delivery to the Client.
• Identify manage and mitigate information security risks.
• Align information security strategy with business goals and objectives.
• Ensure compliance with relevant local and international laws as well as internal policies.
• Foster a culture of information security awareness and continuous improvement.
• Drive the adoption of best practices in data protection and cybersecurity.

Core Responsibilities:

• Strategic Leadership: Develop and implement an annual information security roadmap in alignment with business objectives.
• Compliance Management: Keep up-to-date with legal and regulatory changes ensuring timely compliance and client commitments.
• Risk Assessment: Ensure regular Data Protection Impact Assessments vulnerability scans and risk assessments are executed.
• Stakeholder Engagement: Liaise with internal and external stakeholders including regulatory bodies auditors and third-party vendors to ensure alignment of Security standards & plans
• Incident Management: Develop and maintain an incident response plan. Handle security incidents and breaches effectively.
• Budget Oversight: Manage the information security budget to ensure adequate funding for critical initiatives.
• Policy Development & Enforcement: Create and enforce policies related to emerging trends which may impact the service to our client.
• Performance Metrics: Establish monitor and report on KPIs to assess the effectiveness of the information security program.
• Resilience Testing: Conduct periodic resilience and penetration testing to evaluate organizational preparedness.
• Employee Training: Evangelise and enable regular training and awareness programs on various aspects of information security relative to the service.
• Vendor Risk Management: Perform security assessments on third-party vendors and manage associated risks.
• Board Reporting: Provide regular reports to the internal and external senior management on the status of information security and risk.

Qualifications :

Minimum Competencies & Experience:

• Educational Qualification: Relevant security professional accreditations such as CISSP IBITGQ (ISC)² - with evidence of how these have been applied into a working role.
• Experience: Minimum of 5 years of experience in information security preferably in the financial services or technology sectors.
• Technical Skills: Proficiency in common security tools and AWS platforms including SIEM firewalls and endpoint protection.
• Legal and Regulatory Knowledge: Familiarity with GDPR ISO 27001 and other relevant information security laws and standards.
• Communication Skills: Excellent written and verbal communication skills with the ability to convey complex information in a clear manner.

Preferred Competencies & Experience

• Strong experience across UK government security requirements such as GBEST ITHC His Majestys Government (HMG) Security Policy Framework and equivalent UK publicsector security standards particularly in Technology / IT practices is considered as a strong asset.
• Experience in working within a Service Integration and Management (SIAM) model
• Experience leading or participating in cross-functional teams across departments like legal human resources and operations particularly in the context of incident response and compliance.
• BPSS Security Cleared

Informations supplémentaires :

At our organization we are committed to fighting against all forms of discrimination. We foster a work environment that is inclusive and respectful of all differences.

All of our positions are open to people with disabilities.

Remote Work :

No

Employment Type :

Full-time