Head of Information Security

This role is ideal for an experienced security professional with a wide experience of many technical domains and with a deep experience in key areas such as software development and architecture, cloud and enterprise architecture and IT infrastructure andnetworking. The role is also ideally suited to a 'people person' who is an approachable individual who is passionate about technology, passionate about Information Security but who is also pragmatic in their approach and prides themselves on being an agentof change and getting the job done The ideal person will be comfortable leading from the front with the support of the CISO to drive best practices and continuous improvement and will make decisions based on data trends, metrics and KPIs. Your Key Responsibilities will be - Use measures and KPIs to track your activities and initiatives, providing the CISO with regular reports - Oversee all software development initiatives ensuing security best practices are baked into all aspects of the software development lifecycle. This will include working with architects to design secure solutions, working with developers to ensure code meetsour security standards and coaching as required, working with other areas of product and development to ensure security is a first-class citizen in all of our products - Oversee all infrastructure development and cloud initiatives ensuring defined security best practices and principles are designed and implemented appropriately with technical teams - Using metrics and appropriate KPIs to ensure vulnerabilities in software, networks and infrastructure are remediated based on priority SLAs and never reintroduced, using these as coaching opportunities where required - Be the technical owner with key security suppliers, such as our external SOC and external penetration testers - Take ownership of security incident management responding to all incidents and SOC alarms, taking appropriate action to contain and resolve the incident, analysing and documenting RCA and implementing preventative measures - Take ownership of external vulnerability scanning and penetration testing, planning all penetration testing within the approved budget with external penetration testers, ensuring penetration tests happen smoothly and all required teams have had sufficientnotice to prepare environments and collating results into actionable and measurable reports for you to then drive remedial action via the appropriate team or department - Conduct your own technical security audits and assessments and "mini penetration tests" as required - Oversee the security arrangements with our partners and key suppliers, ensuring they are meeting our required security standards Key Skills - Experience working within the controls of an ISMS certified to ISO27001 and attending and contributing to internal and external audits - Interpersonal skills, communication skills, approachability, resilience and pragmatism are an absolute must for this role. You need to win hearts and minds to be an effective agent of change - Successful track record of effective coordination, prioritization, collaboration, organisation and project delivery. - Knowledge of relevant IT Security related hardware, software and vendor solutions. - An overall understanding of source code programming languages, such as C#, C++,.NET, Java, Perl, PHP, Delphi, ColdFusion etc. that our teams use. - Experience of secure software development best practices and the ability to use your experience to coach others in secure development - Practical experience surrounding the security architecture aspects of public and private facing hosted software in virtualised co-lo data centre environments and cloud networks in Azure - Deep thinking analytical mind with the ability to quickly get to the root cause of issues. - You will need to be organised, efficient and able to work unsupervised under your own initiative. - Ability to lead security incidents, take command and remain under control even when under pressure - Technical knowledge of conducting network security audits and penetration testing with a good knowledge of ethical hacking - You will be motivated by getting things done, and getting them done in the right way, first time; you are laser focussed on achieving the best outcome. - Using your communication skills, you will keep key stakeholders aware of progress against plans and help mitigate risks. You will understand that the identification of risks and issues is not enough - when escalating you will provide recommendations andsolutions.