Description
Marcus Donald are delighted to offer this Senior Information Security Officer – GRC role for a large Financial Institution. The Head Office is located in London. You will work with the company's digitally oriented and transformational GRC Team, acting as the business-focused risk advisor and helping to translate complex technical risk details for a non-technical audience.
**Hybrid Role 2 Days/Week in London**
**Competitive salary range of £90,000-£110,000 + flattering benefits package**
Senior Information Security Officer – GRC; Key responsibilities
- Creating information security policies and standards, and curating testable control libraries
- Preparing business-friendly supplier security risk assessment reports that cut through to both technical and business audiences
- Identify where Security Exceptions to the company's Security Policy are required, establish remediation plans and seek approval from the Regional Information Security Officers.
- Develop a strong working relationship with the rest of the CISO team to validate and assure the existence and effectiveness of mitigation controls.
- Carry out supplier security risk assessments, produce remediation plans, support suppliers to resolve non-compliance issues and help reduce the company's risk exposures to tolerable risk thresholds
Senior Information Security Officer – GRC; Required
- Proven experience conducting supplier security risk assessments at large scale
- Experience testing and assuring information security controls within digital-native ecosystems
- Proficiency and prior work experience in multiple cybersecurity technical domains (e.g. Network Security, Endpoint Security, Cloud Security, Security Architecture, Software Security, IAM, Encryption)
- Knowledge of AWS, Azure and Google Cloud security controls and how they can be utilised to mitigate cyber security risk.
- Working knowledge of Industry Standard Product and Program Development Life Cycle, including Secure SDLC and the principles of Agile software development.
- Working knowledge of at least two of the following standards: OWASP, ISO27001, ISO27005, ISO31000, NIST.
- A security certification such as Certified Information Systems Security Professional (CISSP), ISO 27001 Lead Auditor Certification, PCI DSS Qualified Security Assessor (QSA), Certified in Risk and Information Systems Control (CRISC), AWS Solutions Architect (Associate), AWS Security Specialty, etc.
- Ability to interact with key stakeholders, build strong relationships at all levels and across all business units and organizations, and understand business imperatives.
This is a brilliant opportunity for a senior role within a very successful bank, with visibility to all levels of the company.
If you, or someone you know, are suitable for this role, please apply via this job ad or contact Phoebe at pburton@marcusdonald.com.