CISO – Chief Information Security Officer – London
You will be responsible for establishing and maintaining the Information Security Programme to ensure information assets and technologies are adequately protected.
As Chief Information Security Officer you will:
- Set security strategy in association with the CTO
- Drive roadmap to deliver key security initiatives
- Communicate and report to senior management, alongside ARC/ISG/MRC Regional board
- Set policy and maintain ISMS
- Manage information security risk
- Review and ensure security requirements of all Data, Applications (SDL), Cloud and Infrastructure (network, system, database) are compliant with information security and compliance standards
- Oversee and be accountable for all security controls implementation and monitoring
- Be a focal point for the business/technology/product to understand challenges and security impacts, and help stakeholders make well-informed decisions
What We Expect Of You
- Knowledge of current IT Security standards and regulations such as PCI-DSS, BS7799/ISO27001, SOX, GLBA, DPA, ISF, COBIT, Competition commission legislation, E-commerce regulations
- Experience with security in a cloud native environment is a must
- Strong security foundation knowledge and practices in identity and access management, authentication, authorization, crypto, protocol security, perimeter security, OS hardening, threat intel, vulnerability assessment and penetration testing
- Demonstrable experience contributing to or running security education programmes across development and infrastructure teams and across employees as a whole
- Demonstrable ability to balance and prioritise security requirements with business objectives and financial constraints
- Experience maintaining PCI DSS and DPA standards
- Experience with application security including threat modelling, secure coding practices, API security, security architecture design and review
- Good understanding of newly emerging IT technologies and architectures in a corporate environment
- Excellent relationship building and communication skills with the ability to engage people from diverse cultures and different levels.
- Strong stakeholder management skills, working across the global business and the Ant Financial group to leverage knowledge and resources from this network, often managing virtual teams
- Prepared to travel and make connections into the Ant Financial group.
- Must be fluent in the English language, both written and verbal. Ability to speak Mandarin Chinese would be a plus