Information Security GRC Vendor Lead
Salary £120,000 - £130,000 per annum
Consultant Darius Goodarzi
Date posted 09 August 2019 | Sector: banking | Location: London, GB | Recruiter: Robert Walters (https://www.robertwalters.co.uk)
My client, an International Financial Services organisation, is looking for an Information Security GRC Vendor Lead to join their growing team.
About the GRC Vendor Lead position:
The UK Information Security Vendor & GRC Lead role is an opportunity to lead a significant service provider through a constantly evolving security landscape, balancing risk, order, control, innovation and high-quality performance to maximise the provider's delivery and ensure effective protection of a systemically important financial market infrastructure.
My client is looking for someone who excels at forming business relationships with key stakeholders and vendors to remove barriers and enable collaboration and effective delivery, and who will develop an open relationship with the vendor to identify opportunities to improve delivery and execution across a continually improving set of security controls. They are also looking for someone to build a framework that demonstrates how the organisations interlock, not only within the GRC function but also across the other key security functions of Security Architecture and Security Operations.
Key responsibilities:
- Contribute to the overall security strategy in its annual iterations
- Provide strategic direction specific to Security Vendors & GRC
- Provide strong knowledge of building security into Technology functions, frameworks and processes
- Work with vendors to ensure the client's security strategy is embedded in their approach to, and engagement with, the client. Identify opportunities to improve vendor delivery and, where possible, get ahead of the strategy
- Engage across all the security functions to ensure that oversight of the vendors covers the appropriate levels of engagement
- Provide direction and advice on projects related to security portfolio to strengthen the overall cybersecurity posture
- Enhance security programs in response to regulatory requirements, internal audit and planned strategic initiatives
- Foster relationships with key functional teams such as IT, Operations, Finance, HR, Internal Audit, and Enterprise Risk to support current and future initiatives.
- Keep informed of new and updated industry frameworks and regulations: ISO 27001/2, the CIS (formerly SANS) Top 20 Critical Security Controls, NIST CSF, NIST SP 800-53, the CPMI-IOSCO Principles for Financial Market Infrastructures (PFMI) and the FFIEC IT Examination Handbook
- Keep informed of new and emerging security threats & assess effectiveness of current controls to identify opportunities for program improvement
- Translate relevant directives, guidance and rules into actionable information for consumption by the CISO and the Security function.
- When appropriate, represent the client on security matters in financial-sector-wide consortia, securing the client's buy-in and representing the client's interests, e.g. the National Institute of Standards and Technology (NIST), the Financial Systemic Analysis and Resilience Center (FS-ARC), the Financial Services Information Sharing and Analysis Center (FS-ISAC), the US Financial Services Sector Coordinating Council (FSSCC), the United States Department of Homeland Security (DHS), et al.
- Actively maintain and mature Security's relationships with its counterparts at Designated Financial Market Utility (DFMU) partners.
Requirements:
- Significant functional security expertise with a broad understanding of competencies and the lifecycle of application security management
- Experience developing or managing security programs preferably across several domains including metrics and reporting for program maturity and risk reduction
- Experience defining program roles and responsibilities, assessing / identifying knowledge gaps across teams and implementing required training plans
- Ability to collaborate effectively with others to drive forward key security objectives
- Strong documentation and report writing skills (to both technical and business audiences).
- Knowledge of policy frameworks and understanding of policies, procedures, guideline structure
- Knowledge of firewalls, IPS, DLP, proxies, SIEM and endpoint protection software
- Knowledge of protocols and technologies such as SOA, HTTP, SSL/TLS, LDAP, JDBC, Servlet/JSP, SQL and XML
- B.S. in a technology discipline (Computer Science, Information Management, Computer Engineering, Cybersecurity or equivalent)
- Security certifications such as CompTIA Security+, CISSP, CISA, CRISC, CCNA, GIAC or equivalent (or working towards certification) are preferred
- Knowledge of Risk Management life cycles based on an established framework: ISO 27001, SANS, NIST SP 800-53, CERT, ENISA.
- Working knowledge of the following frameworks and regulations: ISO 27001/2, the CIS (formerly SANS) Top 20 Critical Security Controls, NIST CSF and the FFIEC IT Examination Handbook
- An advanced degree would enhance the candidate’s credentials
If the above is of interest, please reply ASAP to this ad. Otherwise, feel free to call me on 0207 509 8040 for further information.