Head Of Information Security
Job & Company Description:As the Head of Information Security, you will be responsible for but not limited to the below:Leadership, management and mentoring of the Information security area and its respective teams.The maintenance and maturing of the security operating model and its underpinning processes and practices.Responsible for defining, prioritising and driving the overarching yearly Cyber Security plan as well as the supporting plans, security pen test and security awareness programs.Driving the operational effectiveness and application of the Group Cyber Security framework for OUTsurance.The development and maintenance of security standards, guidance and playbooks.Accountable for the effective and reliable identification, detection and resolution of Cyber security incidents.Accountable for preparation of the quarterly Cyber Security Forum presentations as well as chairing the Forum.Working together with the relevant teams to complete questionnaires, assessments and impact studies related to requests from the Regulator & Group Cyber benchmarking assessments.Responsible for managing and monitoring third parties supplying Cyber security solutions and services.The measurement and reporting on the efficiency and effectiveness of cyber security controls.The identification and monitoring of environmental, threat, and technology trends to optimise the effective short- and medium-term deployment of cyber security controls, contributing to the strategic security roadmap Competencies: The successful individual would need to demonstrate the below listed competencies at an advanced level:'Can do' attitude, comfortable dealing with ambiguity, resilient, strong team player, committed to continuous improvementVery strong interpersonal skills and the ability to build relationshipsProblem-solving with strong decision-making mind-setTakes initiative and works under own directionEngages professionallyAdapts and responds positively to changeThe ability to multitask and handle stress to meet project deadlinesEnthusiasm, energy, determination, and a passion for improving client experience through digital platformsWorks meticulously always demonstrating a very high level of attention to detailThe ability to multitask and handle stressStrong problem-solving skills and willingness to roll up ones sleeves to get the jobExcellent written and verbal communication skillsAbility to communicate effectively with management Qualifications Qualifications and experience:9 years experience in Cyber Security of which at least 5 years shouldve been in leading technical and operational security functions and teams.Strong security and technical background.Practical experience to implement industry best practices and frameworks.Strong people skills and experience of building, managing and upskilling teams of specialists to meet the objectives of the Cyber security plan.Work closely with the IT Risk Team to ensure Cyber risks are captured & maintained in line with the Group Risk Management framework.Relevant security accreditation and certifications, CISSP, CISM, CISA, CCSP.Your technical background should cover a wide spectrum of security engineering and operational security skill sets. This must include but is not limited to experience (preferably hands on and technical experience) in the following areas:Cyber Engineering: including gateway firewalls, Web Application Firewalls (WAFs), MFA, Internet proxies and security architecture & design.Offensive Security: Infrastructure, internal, external, web, mobile, API and cloud pen testing. o Application Security: Secure coding solutions, training and awareness on secure coding best practices. o Defensive Security: Cyber incident response & management, including incident breach simulations. o Cyber Operations: Endpoint security security client maintenance & endpoint hardening), Vulnerability management, EDR management, log retention strategy & implementation.Cyber Governance: Data loss prevention, maintain & expand Cyber security metrics, 3rd party security assessments, drafting new & expanding existing cyber policies & procedures.