Role: Cyber Security Manager
Location: London, Hybrid
Full Time Opportunity
Insurance/Finance domain experience is mandatory
We are currently seeking an experienced, hands-on Cyber Security Manager to join our team to oversee and manage the organisation's cyber security responsibilities. The role is to protect information assets, systems, networks and data from cyber threats and attacks. The ideal candidate will have a deep understanding of cyber security in the cloud, as we are embarking on a major programme to move to Microsoft Azure. Experience in AWS would also be preferable, as we run a multi-cloud environment. Our strategy is focused on using SaaS products and COTS packages where possible, so you will need experience in designing and implementing cloud security controls.
As we continue to be successful and grow as a business, you will be responsible for defining and maintaining the cyber security strategy and framework. The cyber security framework consists of the policies, processes, procedures and standards that must be adhered to, including its interlink with cyber security risk management. Alongside the governance requirements, you will be responsible for overseeing day-to-day security operations in conjunction with our internal IT team and our external service providers and partners. You will act as the main focal point for all cyber security matters across AEGIS London, including delivering security awareness and training and leading the response to security incidents.
Duties and accountabilities
- Develop and communicate corporate information security policies, standards and guidelines, and update these in line with the evolving threat landscape across the organisation.
- Create and update the cyber security strategy to ensure that it is aligned to the business objectives and the IT strategy.
- Develop and assess organisational strategies that address information control requirements. Identify and monitor environmental and market trends and proactively assess their impact on business strategies, benefits and risks.
- Build and maintain a cyber security risk management framework linked to enterprise risk and ICT risk. This includes working across the organisation to identify cyber security risks and presenting them to the Head of Technology.
- Ensure that architectural principles and privacy-by-design principles are applied to new projects and initiatives across AEGIS London. Drive adoption of, and adherence to, the policies, standards and guidelines that are created.
- Work closely with Compliance to ensure that cyber security across the organisation complies with frameworks such as NIST CSF and ISO 27001, and that regulatory requirements for cyber security are adhered to.
- Support independently conducted external and internal audits, alongside undertaking maturity assessments and spot checks to ensure that cyber security policies, standards and requirements are being adhered to.
- Lead the provision of authoritative advice and guidance on the requirements for security controls, in collaboration with subject matter experts.
- Oversee a small team, including a security analyst and cyber security third-party resources as and when required, providing guidance, training and mentorship to enhance the team's skills and knowledge.
- Lead the business response to security incidents, including data breaches, cyber-attacks and other security-related events, coordinating with internal and external stakeholders and third-party services during incident investigations and remediation efforts.
- Ensure that lessons are learned from any incidents or near misses and that these are fed into the annual crisis management exercises undertaken with relevant stakeholders.
- Continually develop and deliver a cyber security awareness programme across the organisation, educating staff on the latest threats and vulnerabilities, both to the organisation and more widely.
- Chair the monthly security group with the relevant business stakeholders and regularly report on the state of the organisation's security posture to senior and executive leaders, determining the appropriate metrics to report on.
- Work with the Operations Manager and lead the IT response on Operational Resilience (OR), ensuring quality and effectiveness while overseeing end-to-end OR testing, including budgeting, test type determination, severity assessment, IT-focused testing, review of deliverables and maintenance.
- Ownership of the Business Continuity Process (BCP) on behalf of the organisation.
- Manage the cyber security Third Party Risk Management programme, reviewing our key third parties regularly from a cyber security perspective and ensuring that any risks are identified. This includes developing the cyber risk metrics and reports required from key suppliers, in line with our policies, processes and security frameworks, and providing these to the Third Party Risk Management team.
- Populate the cyber metrics dashboard and provide the relevant reports to stakeholders to give an overview of the organisation's cyber security posture.
Skills, knowledge and experience
The successful candidate will have/be:
- Relevant industry certifications such as CISSP, CISM or similar
- Demonstrable experience in leading a Cyber Security function with a hands-on approach
- Held an Information Security role in a regulated environment (Insurance or Financial Services desired)
- Familiarity with cyber security frameworks and standards (e.g. NIST Cybersecurity Framework, CIS Controls, ISO 27001, SOC 2)
- In-depth knowledge of current and emerging cyber threats, vulnerabilities, and attack vectors and how to protect AEGIS from these
- Experience of deploying identity and access management projects
- Experience of working in an Azure-native environment, with some experience of multi-cloud environments
- Experience in managing third-party vendors for security services such as SOC, Threat Intelligence, Vulnerability Management, etc
- Strong leadership and team management skills
- Experience of working closely with IT teams to achieve security outcomes
- Experience in building security business cases for leadership to consider