Job title: Information Security Assurance Lead
Reporting into: Head of Information Security
Information Security at Rothesay
The Information Security team works across the business to drive business resilience and information assurance across operational, development and business teams. They’re responsible for Rothesay’s ability to maintain the confidentiality, integrity and availability of Rothesay’s systems and maintain the reputation of the organisation.
Under the leadership of the Chief Technology Officer, Rothesay has launched a multi-year project, Project Quest, to redevelop and modernize the full technology stack, encompassing pricing and other analytics, risk management, market data and trade capture and reporting.
Project Quest is progressing well and we are in the early stages of migrating functionality onto cloud infrastructure, which provides an exciting opportunity for the information security team to become even more closely involved in the project, including defining and implementing cloud controls, designing and establishing secure connectivity, managing identities in a cloud first ecosystem, and designing best in class security operations.
We are looking for an experienced Information Security Assurance Lead to join this high performing team and help deliver exceptional value to the business. The successful candidate will be working with stakeholders at all levels across the business to drive effective security assurance and working closely with the Head of Information Security in building a world class Information Security function. The successful applicant will be expected to integrate into a small team and hit the ground running, picking up technologies and helping drive the transformation of the organisation from a compliance led to a risk focused information security practice. You will also have management responsibilities with one junior member of the team reporting to you, with chance for this to grow as the team does.
- Work closely with the Head of Information Security to develop and implement an effective security strategy, supported by robust policies, standards and processes utilising industry standards, regulatory requirements and the current threat environment as inputs
- Support Rothesay’s digital transformation by defining a control framework to operate securely and ensure continuous assurance and monitoring across the environment.
- Act as primary lead on the day to day management of the Information Security Risk process with focus on identifying risks and driving risk reduction and process improvements
- Drive, own and improve the 3rd party information security risk management process and ensure Rothesay has visibility and oversight of risks across the ecosystem
- Lead compliance efforts across ISO22301 and ISO27001 and drive the annual recertification efforts across the firm.
- Lead the information security assurance activities including acting as a primary point of contact for Information Security related audits.
- Lead on all information security awareness activities and focus on building a cyber-aware culture at Rothesay by regularly driving awareness on relevant cyber security themes
- Provide risk-based, accurate, practical and sound guidance, opinion and support to operational and strategic change initiatives, BAU activity, projects and breach and incident remediation plans
- Develop and maintain MI, Key Risk Indicators (KRIs) relating to the security control environment and feed information across various governance groups
- Work closely with the internal compliance team on data protection related initiatives including driving efforts to ensure Rothesay’s data map is maintained and further developed
- Conduct investigation on key incidents as they arise and drive the completion of relevant mitigating steps aimed at containing and recovering from the incident in order to minimise impact to Rothesay. Contribute to driving improvements across Rothesay’s BCP framework and resilience initiatives
- Maintain reliable, up-to-date information on security trends and government regulations, especially in the financial services industry
Skills and Experience:
- At least 3 years’ experience in information assurance or similar role
- Experience with relevant security frameworks and standards such as ISO27001 and NIST standards.
- Strong understanding of cyber controls and cyber risks to identify and evaluate control effectiveness and identify any potential gaps between information security risks and existing controls
- Experience in conducting third-party audits / assurance is essential
- Good understanding of various cyber technologies such as endpoint protection, DLP, insider threat protection and mobile device protection
- Experience with implementing and effectively maintaining ISO27001 and ISO22301 across the business
- Good knowledge of Information Security practices relevant for cloud technologies
- Ability to develop security standards and guidelines based on best practices, regulatory requirements and industry standards
- Must have IT Infrastructure knowledge mainly around process and controls
- Ability to work as part of an extended IT team with shared strategy and vision
- Ability to negotiate with business and suppliers on matters of security
- Organised with a proven ability to prioritise workload, meet deadlines, and utilise time effectively
- Previous experience in financial services is considered a plus
- Information Security Certifications such as CISSP, CRISC or ISO27001 Lead Implementer
Rothesay actively promotes diversity and inclusivity. We know that our success depends on our people and that by nurturing a culture that values difference, we create a stronger, more dynamic business. We welcome applications from all qualified candidates, regardless of race, colour, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability or age.