CISO – Chief Information Security Officer – London

You will be responsible for establishing and maintaining the Information Security Programme to ensure information assets and technologies are adequately protected.

The Role

As Chief Information Security Officer you will:

  • Set security strategy in association with the CTO
  • Drive roadmap to deliver key security initiatives
  • Communicate and report to senior management, alongside ARC/ISG/MRC Regional board
  • Set policy and maintain ISMS
  • Manage information security risk
  • Review and ensure security requirements of all Data, Applications (SDL), Cloud and Infrastructure (network, system, database) are compliant with information security and compliance standards
  • Oversee and be accountable for all security controls implementation and monitoring
  • Be a focal point for the business/technology/product to understand challenges and security impacts, and help stakeholders make well-informed decisions

What We Expect Of You

  • Knowledge of current IT security standards and regulations such as PCI-DSS, BS7799/ISO27001, SOX, GLBA, DPA, ISF, COBIT, Competition Commission legislation and e-commerce regulations
  • Experience with security in a cloud native environment is a must
  • Strong security foundation knowledge and practices in identity and access management, authentication, authorization, crypto, protocol security, perimeter security, OS hardening, threat intel, vulnerability assessment and penetration testing
  • Demonstrable experience contributing to or running security education programmes across development and infrastructure teams and across employees as a whole
  • Demonstrable ability to balance and prioritise security requirements with business objectives and financial constraints
  • Experience maintaining PCI DSS and DPA standards
  • Experience with application security including threat modelling, secure coding practices, API security, security architecture design and review
  • Good understanding of newly emerging IT technologies and architectures in a corporate environment
  • Excellent relationship building and communication skills with the ability to engage people from diverse cultures and different levels.
  • Strong stakeholder management skills, working across the global business and the Ant Financial group to leverage knowledge and resources from this network, often managing virtual teams
  • Prepared to travel and make connections into the Ant Financial group.
  • Must be fluent in the English language both written and verbal. Ability to speak Mandarin Chinese would be a plus