To drive a cyber security strategy and develop operational capability for the Firm, identifying security solutions, strategies and standards. As Head of Information Risk & Security you have a combined role of Security Consultant, Security Manager and Security Advisor with responsibility to protect and ensure that information, systems and premises are proactively secured at all times. To support our global ambitions across our 12 key locations, you will be responsible for working with key stakeholders across the Firm and the executive team to build out the existing team of 2, recruiting additional resources. We are seeking someone with flexibility to work across multiple international regions and time zones, with the potential for some travel.
Strategic Leadership and Execution
• Actively manage the development and implementation of the global security posture for the Firm, and ensure policies, standards, guidelines and procedures are fit for purpose to mitigate cyber threats and provide a strategic information risk and security capability.
• Plan, direct and oversee implementation of comprehensive security systems and controls to protect the Firm.
• Lead and direct collaborative teams to identify, develop, implement, and maintain security processes, practices, and policies throughout the organization to ensure it is as resilient as possible.
• Drive a reduction of risk, respond to incidents, limit exposure and liability in all areas of information, financial, physical, personal and reputational risk.
• Hire, recruit and train the best talent to build and enhance the security capability of the global Firm.
• In partnership with the organisation's executive leadership team, direct the development of an effective strategy to assess and mitigate security risks, manage crises and incidents, support continuity of operations, and safeguard the organisation, our clients and our data.
• Ensure the organisation's compliance with the local, national, and international regulatory environments where applicable to the accountability of this role (i.e. privacy, data protection, and environmental, health and safety).
• Work with executive leadership to ensure risks are transparent and understood and to prioritize budgets and the required remedial activities.
• Develop a strategic vision for the function, grow capabilities and offerings to meet business objectives, while balancing a deep understanding of company objectives with current and emerging client requirements, external trends and the broader cyber threat landscape.
Security Planning and Performance
• Proactively manage the Firm's Information Security Management System, the associated documentation, assurance activities, evidence, measures, corrective actions and risk portfolio.
• Research and deploy state-of-the-art technology solutions and innovative security management techniques to safeguard the organisation's personnel and assets, including intellectual property and client data.
• Establish appropriate standards and associated risk controls.
• Oversee incident response planning as well as the investigation of security breaches, and assist with disciplinary and legal matters associated with such breaches as necessary.
• Be available 24 hours a day, as appropriate, to support the resolution of critical incidents.
• Coordinate with external law enforcement agencies in the investigation and handling of crimes/accidents.
QUALIFICATIONS & EXPERIENCE
• Must be a confident, intelligent, articulate and persuasive leader who can serve as an effective member of the senior management team and who is able to communicate security-related concepts to a broad range of technical and non-technical staff.
• Must be able to thrive in a highly interactive team environment and possess highly effective interpersonal, communication, collaborative, and leadership skills.
• Must have experience managing and dealing with direct reports.
• Able to work well under pressure, multi-task, and deliver on multiple priorities.
• Bachelor's Degree or relevant experience within a similar professional services role.
• CISM and/or CISSP qualifications (or equivalent) would be preferred.