Our client is one of the UK’s leading critical infrastructure providers and is looking for a Chief Information Security Officer (CISO) to ensure the baseline level of Cyber Security and Information Assurance management across the organisation. You will be responsible for validating the level of regulatory compliance to the business and senior stakeholders.
You will ensure that security plans, policies and practices reflect the changing operational environment. You will be accountable for Cyber Security across the organisation and for delivery of an enduring, fit-for-purpose and robust Cyber Security and Information Assurance management function.
- Supporting the CIO in discharging Security responsibilities. Providing Security Leadership, support, challenge and expertise.
- This is an opportunity to influence the Board and Executive Leadership to support the creation of an effective Cyber Security Culture and Strategy. Provide the right controls to defend the business as well as enabling the buildout of pioneering and innovative security solutions.
- Provide executive leadership, vision and managerial oversight in the development and implementation of the cyber security strategy across the business, both operational and non-operational.
- Provide effective Leadership to the Cyber Security team so that they proactively analyse and directly respond to internal and external cyber threats in order to protect the business.
- Create and lead the communication and dissemination of information security policies, and advise governmental departments regarding potential internal or external data security threats.
- Provide testimony and technical guidance to legislators and the judiciary; serve as media relations liaison for cyber security and information assurance matters.
- Represent the business in all matters relating to Cyber Security and Information Assurance for UK, European and International agencies.
- Create a security culture aligned with the Vision and Strategy, creating the right environment for the culture to be embedded in the organisation.
- Ensure through engagement with the whole organisation, that industry and technical information and knowledge can be translated into a secure, informed series of processes that can demonstrate compliance against business standards for cyber security and information assurance, both for regulatory and commercial compliance processes, but potentially for future competitive advantage in commercial tenders.
- Ensure that security plans, policies and practices reflect the changing environment in which it operates in a proportionate way, in line with established corporate risk tolerances, and the wider governance team that has already established various requirements and governance processes.
Qualifications, professional knowledge and Skills
- Membership of an appropriate Professional Body relevant to Cyber Security.
- Educated to Degree level in an appropriate discipline e.g. Cyber Security.
- Significant experience in leading Cyber Security Vision and Strategy in an organisation that is safety critical and/or critical to the National Infrastructure.
- Experience of leading security cultural change within a large complex organisation.
- Proven ability to influence across an organisation and up to Board Level with a proven track record of excellent written and verbal communication skills.
- Experience of leading awareness and change management initiatives within large organisations.
- In-depth knowledge of the e-Crime landscape including Malware, Phishing, Social Engineering and other associated risks.
- A good understanding of the Audit and Assessment procedures required to identify cyber vulnerability and weakness in an organisation.
- Experience of the development and implementation of appropriate risk mitigation plans, policies, processes and technical controls.