Information Security Governance Manager

EQ is a leading international provider of shareholder, pension, remediation and credit technology. With over 5,000 employees, it supports 37 Million people in 120 countries. EQ’s purpose is to care for every customer and simplify every transaction, deliveredwith less of an impact on the environment. EQ’s vision is to be the leading global share registrar, offering complementary services to its client base. **Role Summary** The Information Security Governance Manager will lead a small team delivering a range of services. They will report to the CISO; they will manage the Information Security Governance team, consisting of up to 3 other staff. They will contribute to all theaspects of the team’s services as appropriate to demand, workload, skills and experience. **Core Duties/Responsibilities** - Manage the Information Security Governance team (staff management & development, work planning & tracking, financial budgeting and tracking). - Policies & Standards_ - Build and maintain a library of policies and standards that is accessible to all Company audiences. - Conduct regular formal reviews of policies and standards with key stakeholders to ensure continued appropriateness and completeness. - Coordinate a community of security and other relevant specialists who will contribute relevant content to policies and standards. - Coordinate and obtain agreement to policies and standards by key stakeholders, including: Group CIO, Group CISO and other interested parties. - Information Security Profession/Capability_ - Build and maintain the Information Security body of knowledge required to support the profession. - Identify potential Information Security profession members and encourage their involvement, keeping them informed of relevant development opportunities. - Define a career path for members of the profession, including appropriate levels of management responsibility and transitional steps between levels. - Develop and maintain a strategy and plan for the provision of necessary Information Security training to support the profession. - Security Awareness_ - Define the different audiences within the Company’s workforce globally and their respective requirements for education and awareness in policies, standards and good practice. - Define and maintain a rolling plan for the delivery of security awareness over a three-year period, marshalling both content and communications resources as well as embedded staff involved in delivery. Ensure that the plan is regularly reviewed and updated. - Obtain agreement to the rolling plan from key stakeholders, including Group CIO, Group CISO, Group CRO and Group communications. - Lead and coordinate a community of embedded security "champions" in business units and IT groups in the delivery of security awareness across the Company. - Maintain a budget to acquire, develop and maintain sources of material to assist delivery of effective awareness and education. - Conduct and publish regular measurements of security awareness status and impact of awareness raising activities across the Company. - Establish an internal compliance regime to compare and measure the Company’s current security state and mechanisms. - Reporting_ - Define a suitable set of complete internal measures of the state and quality of the Company’s security that can be practically produced on a regular basis. - Coordinate the production of regular internal measures of the state and quality of the Company’s security, liaising with the other IT Security teams, as well as other relevant IT and business units teams as appropriate. - Liaising with relevant teams, produce regular reports of the measures of the Company’s state and quality of security for management and other stakeholders, emphasising trends and highlighting exceptions from norms and root causes as appropriate. **Skills, Knowledge & Experience** The Information Security Governance Manager will have managed a central functional role or be have been engaged in consulting in a relevant specialism. They should have accumulated substantial relevant experience in a role in industry, audit services ora consultancy. Preferably, extensive experience is required of: - Security policy and standards development - Education and awareness campaigns - Measurement of awareness and change In addition, the following key experience is required: - Excellent oral and written communication skills - Excellent presentational skills - Experience of delivering against similar accountabilities with global impact in an organisation of similar scale and complexity as EQ - Ability and motivation to work with parties inside and outside the security community through a cooperative, interactive, trustful and respectful approach - Broad general knowledge of good information security practice - Track record of dealing with external expert suppliers in education and communications fields - Ability to lead and motivate a small team. **EQ Benefits** - 28 days + 8 bank holidays. Option to buy more days through salary sacrifice. - A cash payment annually towards flexible benefits, e.g. dental insurance, gym membership, the above extra holiday etc. - 4 x Life Assurance. - Company sick pay (2 months full pay, 2 months half, following probation). - Matched pension scheme up to 10% each side (20% in total). - Discounts with major retailers (EQ Wins). - Maternity or adoption leave of 3 months full pay, with return to work bonus / 2 weeks paid paternity leave.