London

Chief Information Security Officer

Cyber Security

Responsibilities

Reporting to the CIO, the Chief Information Security Officer (CISO) is the Head of Internal Tech Security, driving the IT security strategy and its implementation forward whilst protecting the business from security threats and cyber attacks. Operational compliance with ISO and other applicable standards and regulations is included. This is a senior role, with global people management responsibility covering cyber and information security, compliance and business continuity planning. Given the rapid growth of the business, its entrepreneurial culture and the fast-changing requirements of its client base, a high level of adaptability is needed, with a focus on training, communication and perimeter protection.

Key responsibilities:

  • Lead the Security practice across the company to ensure consistent and high-quality risk management in support of the business goals.
  • Define the digital risk approach and operating model in consultation with stakeholders.
  • Manage the security budget.
  • Manage a global security team, consisting of direct reports and dotted-line reports.
  • Develop the vision and strategy for security that enables and facilitates the business objectives and ensure senior stakeholder buy-in and mandate.
  • Develop and enhance an up-to-date risk management framework based on the ISO/IEC 2700x series (International Organization for Standardization), ITIL and the National Institute of Standards and Technology (NIST) frameworks.
  • Create and manage a unified and flexible control framework, working with Legal to integrate the widely varying and ever-changing requirements resulting from global laws, standards and regulations.
  • Participate in the corporate risk governance structure, including the attendance on risk steering committee or advisory board.
  • Provide regular reporting on the current status of cyber and information security risk to senior business leaders and the board of directors as part of a strategic enterprise risk management.
  • Ensure that relevant risk requirements are included in contracts by liaising with Legal.
  • Understand and interact with related disciplines to ensure the consistent application of policies and standards across all technology projects, systems and services, including privacy, risk management, compliance and business continuity management.
  • Provide clear risk mitigating directives for projects with components in the IT, OT, IoT or digital domains, including the mandatory application of controls.
  • Be the owner of the IT section of the company's Code of Conduct.
  • Liaise with external agencies, such as law enforcement and other advisory bodies, as necessary, to ensure that the organization maintains a strong digital risk posture and is kept abreast of the relevant threats identified by these agencies.
  • Liaise with the enterprise architecture team to build alignment between digital risk and enterprise architecture, thus ensuring that IT risk requirements are implicit in these architectures.
  • Work with Legal to ensure that all information owned, collected or controlled by or on behalf of the company is processed and stored in accordance with the applicable laws and other global regulatory requirements, such as data privacy.
  • Manage and contain cyber and information risk incidents and events to protect corporate IT assets, production facilities, safety to human life and environment, intellectual property, regulated data and the company's reputation.
  • Monitor the external threat environment for emerging threats, and advise relevant stakeholders on appropriate courses of action.
  • Monitor and protect information flows in the digital ecosystem to ensure adherence to legal and regulatory standards.
  • Develop and oversee effective disaster recovery policies and standards to align with the enterprise business continuity management (BCM) program goals, with the realisation that components supporting primary business processes may be outside the corporate perimeter.
  • Coordinate the development of implementation plans and procedures to ensure that business-critical services are recovered in a risk event; provide direction, support and in-house consulting in these areas.

Qualifications and Experience

The CISO is a business leader, and should have a track record of competency in the fields of information and cyber security, security architecture and risk management and compliance.

Requirements:

  • Minimum of 10 years of experience in a combination of risk management, information security, and IT or OT roles (at least five in a senior leadership role).
  • Strategic leader and builder of both vision and bridges and able to energize the appropriate communities within the larger digital ecosystem.
  • Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate digital risk and risk-related concepts to technical and nontechnical audiences at various hierarchical levels ranging from board members to technical specialists.
  • Sound knowledge of business management and a working knowledge of risk and security technologies covering corporate, production and digital ecosystem networks.
  • Up-to-date knowledge of methodologies and trends in business, IT and OT.
  • Proven track record and experience in developing risk policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic cross-business environment.
  • Knowledge and understanding of relevant legal and regulatory requirements, such as the Sarbanes-Oxley Act (SOX) and the Payment Card Industry Data Security Standard (PCI DSS).
  • Ability to lead and motivate global cross-functional, interdisciplinary teams to achieve tactical and strategic goals.
  • Professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials, is desired.
  • Knowledge of common risk management frameworks, such as ISO/IEC 27001, ITIL and NIST.
  • High level of personal integrity, as well as the ability to handle confidential matters professionally, and show an appropriate level of judgment and maturity.
  • Well-developed influencing skills and powers of persuasion.
  • Have the agreed strategic goals and direction of the business at the heart of all comments and advice at all times.
  • Strong team player with the ability to be objective and self-sufficient as required.
  • Flexibility and the ability to multitask in this fast-moving and rapidly growing environment.

Additional Information

The CISO position requires a leader with sound knowledge of business management and security in the digital world. The CISO will proactively work with business units and ecosystem partners to implement practices that meet agreed-on policies and standards. The CISO understands and oversees security and risk management activities to ensure the achievement of business outcomes where business processes depend on technology.

The CISO should understand and articulate the impact of risk on the business and be able to communicate this to senior stakeholders so that they can balance it appropriately against their risk appetite and investment levels.

The CISO must be knowledgeable about how security supports business outcomes for internal and external business environments to ensure that information and digital production systems are maintained in a fully functional, safe and secure mode, while ensuring that no harm comes to people and the environment. The ideal candidate must be a builder of consensus and bridges between business and technology. He or she needs to be an integrator of people, process and technology.
