Information Security Manager

Job description / Role

GROUP FUNCTION AND BUSINESS AREA PURPOSE
Head of Technology Services is responsible for leading and managing the organisation that handles activities related to Run the Bank and Build the Bank; infrastructure, operations, application support, application development and design, and change management and PMO

ROLE PURPOSE
The Head of Information Security oversees security policies, procedures and systems for data, systems, network and web across the enterprise. This role is responsible for evaluation and selection of security applications and systems and providing line management, leadership and strategic direction for the function and liaising closely with other managers. This expert role will assist in the implementation of security policies and procedures, reviewing security violations and investigating possible security exceptions. The Manager will identify potential areas where existing data security policies and procedures require change. Additionally, this role will define the future direction and technology roadmap for security management within the organization. This role will manage the outsourced vendor teams involved in security operations.

KEY ACCOUNTABILITIES
- Manage the development of IT security standards, best practices, architecture and systems for more than one IT functional area (e.g., data, systems, network and/or Web) across the enterprise.
- Develop the enterprise security strategy, manage security projects and oversee the implementation of processes and methods for auditing and addressing non-compliance to information security standards
- Conduct studies within and outside the organization to ensure compliance with standard practices and industry security norms.
- To be responsible for evaluation and selection of security applications and systems.
- Offer internal management consultancy advice and practical assistance on information security risk and control matters throughout the organization and promote the business advantages of managing information security risks more efficiently and effectively.
- Make recommendations and assist in the implementation of changes to security policies and procedures to strengthen security measures.
- Liaison with related governance functions (such as CISO, Risk Management, and Compliance) plus senior and middle managers throughout the organization as necessary, on information security matters such as routine security activities plus emerging security risks and control technologies.
- Assist in the implementation of security policies and procedures, reviews security violation reports and investigates possible security exceptions, updates, and maintains and documents security controls.
- Prepare status reports on security matters to develop security risk analysis scenarios and response procedures
- To be responsible for the planning, design, enforcement and audit of security policies and procedures which safeguard the integrity of enterprise systems, files and data elements.
- Recognize and identify potential areas where existing data security policies and procedures require change, or where new ones need to be developed.
- Ensures full utilisation of the technology and the licenses available within the bank for security management systems and maximize benefits from existing investments.
- Provide senior management with risk assessments and security briefings to advise them of critical issues that may affect customer, or corporate security objectives.
- Evaluate and recommend security products, services and/or procedures to enhance productivity and effectiveness.
- To be responsible for managing the outsourced vendor teams involved in security operations
- Oversight, line management and leadership of staff within the Information Security Management function
- Maintain relationship with product vendors and ensure updates and upgrades are done in line with the vendors schedule.
- Consult with other business unit stakeholders during project and product development efforts to ensure that appropriate security controls are considered during vendor selection and development effort.

KEY STAKEHOLDERS BUSINESS ACCOUNTABILITY
- Manager Infrastructure Expert group
- Database team
- Network and Communication team
- Operating system team
- Servers and Storage team
- Infrastructure performance team
- Operations Risk
- Risk Management Unit
- Internal Audit

KEY ISSUES OVER THE NEXT 12 - 24 MONTHS
- Streamlining processes.
- Improving the network security architecture.
- Improving security controls through selection of controls and oversight of POC activities.
- Clearly aligning business requirements with security controls.

KEY PERFORMANCE INDICATORS
- Reduction in instances of security exposures and weaknesses for which there are no robust action plans for remedy.
- Improvement in results of independent security assessment against best practices.
- Availability of current and uptodate policy for maintaining the classification, integrity, availability and protection of information.
- Improvement in efficiency and effectiveness of the team in dealing with security alerts.
- Availability of welldefined security standards for the construction of application systems and infrastructure.

Requirements

- Bachelors degree in Computer Engineering / Sciences or relevant work experience
- 10+ years of information technology experience
- 5+ years of work experience in information security management and/or related functions (such as IT Risk Management and IT Audit)
- Prior IT security work experience with a broad exposure to infrastructure/network and multi-platform environments
- Information security management qualifications such as CISSP or CISM
- Prior experience in developing enterprise security strategies, management of security projects and complicated security issues
- Strong understanding of security architecture and design, information security standards, security risk assessment methodologies, and security related compliance issues for corporations
- Good knowledge of standards, procedures, and processes for security management
- Good knowledge of security issues, techniques and implications across all existing platforms
- Strong troubleshooting skills and the ability to collaborate with other infrastructure teams to identify and resolve issues
- Hands-on team leadership and management experience, ideally coupled with suitable management qualifications
- Ability to provide guidance on security policies, develop enterprise security strategies and manage security projects
- Superior communication, presentation and planning skills and the ability to work effectively with people in a wide range of positions and levels

About the Company

Building businesses, changing lives

At Tandem, we’ve built a vast network of top-tier professionals across the globe. We empower businesses to thrive by delivering unmatched talent solutions. With our global reach, collaborative approach, and unwavering commitment to excellence, we drive transformative growth and shape exceptional teams.

Who we are.

We are a team of industry experts, driven by a passion for innovation and excellence. We are dedicated to providing unique talent solutions and nurturing collaborative partnerships that redefine success.