Head of Information Security

**Job Title: Head of Information Security / Cyber Security**

**Location: West Midlands - Hybrid**

**Salary: £95,000 - £110,000**

**Benefits: Pension, exceptional training and development programme**

My client is looking for a
**Head of Information Security / Cyber Security** to join their business on a permanent basis. You will support both the Director of IT Service Delivery in the protection of the Confidentiality, Integrity and Availability of information held and processed by or on behalf of the business. The Head of Cyber Security will lead the delivery of local security initiatives, reporting, monitoring and incident handling whilst ensuring alignment with Group Security Policies, strategies and requirements.

**Duties and responsibilities**:

- Accountable for the development and implementation of the organisation's cyber security strategy and associated products and services
- Play a proactive part in increasing their cyber security posture in Azure
- Governance of Information Security controls within the business and its third parties.
- Reduce and manage Cyber Security risks, maintaining risk registers and associated improvement plans to protect all relevant information
- Partner with business stakeholders across the company to raise awareness of risk management, ensuring we are Operationally Resilient at all times
- Lead the assessment of security issues and the investigation of security incidents to protect the company and customer assets (e.g. data, network, server, access, people) while also protecting the HML brand and reputation
- Monitor system use and identify breaches, making use of automation at all times
- Reporting of Information Security Metrics, identification of Gaps and tracking improvements. The delivery of the high level responsibilities will include (but not be limited to):

- Drive security requirements in the business and advise business stakeholders on security matters.
- Help to define and influence the Group's information security strategy.
- Manage and drive the security roadmap on behalf of the HML business to ensure the strategy is delivered as agreed
- Sponsor, oversee and guide the delivery of security projects.
- Maintain visibility and monitor the operation, effectiveness and performance of cyber and information security controls, ensuring they remain fit for purpose and that issues are identified, re mediated and reported/escalated as needed.
- Review and approve all technology and business changes in line with security considerations.
- Influence and assist the development of information security policies, standards, and other requirements, interpreting them in relation to specific business information systems.
- Drive adoption of and manage compliance with group information security standards and policies and compliance with relevant legislation/regulation and external standards obligations such as PCI DSS.
- Review the cost-effectiveness and practicality of current and future Cyber procedures and systems. Make suggestions for the improvement of these procedures and systems.
- Provide technical advice to and oversight of, those who install, administer, and update computer-based security solutions, controls and configurations.
- Support new acquisitions, ensuring security improvement plans are in place and that cyber risk is managed correctly.
- Documentation of Cyber incidents as well as the analysis of the circumstances enabling or permitting these incidents to take place.
- Work with internal and external audit functions to deliver audits efficiently and re mediate findings.
- Ensure third parties are delivering services securely and within risk appetite, including working with procurement teams as necessary.

**Skills and Experience**
- Conversant with the latest developments and technologies in the Information Security industry.
- Experience working within a regulated environment
- Working knowledge of Cloud Security best practices, frameworks and compliance
- Understanding of firewalls, proxies, SIEM, antivirus, IDS/IPS and other technical security solution concepts.
- Ability to identify and risk assess Cyber and Information Security threats along with vulnerabilities to provide appropriate mitigation.
- Ability to challenge existing processes and procedures to ensure that HML remains current and up to date on Cyber technologies and tools
- Excellent written and verbal communication skills and the ability to build relationships at all levels of the organisation.
- The desire to remain conversant with developments in the information security industry and to develop further knowledge.
- Practical experience of operating within the Cyber Essentials Framework Desirable:

- Knowledge of networking foundations; IP Addressing, DNS, routing etc
- Several years of experience working across a broad spectrum of different IT areas from an Information Security perspective.
- Appropriate Information Security qualification, for example, CISM, CISSP, GIAC etc.
- Cyber