As CFC’s IT Security Manager you will be part of the technology team, the engine room of the business, providing bespoke systems that give CFC its competitive advantage in this dynamic marketplace.

As the Security Manager, you will liaise with security incident response experts, working with our infrastructure and development teams to ensure that our systems are appropriately secure, compliant and resilient while keeping up to date with industry changes. You will also be expected to continuously educate people across the business in security matters and threats.

About the role

As the Security Manager you will be accountable for setting standards, ensuring that all people across the business understand their own responsibilities in relation to IT security. You will have a clear understanding of how to navigate the inevitable tension between security concerns and business delivery drivers.

You will be responsible for the following:

  • Accountability for creating and maintaining standards and their implementation
  • Work with stakeholders and staff to nurture a culture where security is always in mind and seen as a critical part of everyone’s responsibility
  • Creation of training materials and assisting with the continual upskilling of the whole company in relation to security matters relevant to their roles
  • Provide day to day advice in security matters across the business
  • Carry out business impact analysis activities relating to new changes and capabilities
  • Working with our SOC to ensure that their incident detection models and alert response processes are kept appropriate and up to date
  • Coordinating with our MSSP for the scoping and execution of vulnerability scanning and penetration testing
  • Curation of security standards for development and infrastructure delivery and operations
  • Facilitate internal/external IT security audits
  • Working with development teams during the design phase of architectural changes to ensure that security is considered
  • Running tabletop security exercises to test our response plans and capabilities
  • Satisfying security related compliance and due diligence requests from capacity providers and auditors
  • Scheduling and coordination of DR test exercises

About you

You will be someone who has exposure to environments where infrastructure management is heavily automated. You will have experience in working with suppliers to negotiate and manage the service they provide. Insurance experience would be advantageous, but not essential. You will be someone who has experience with:

  • Defining and implementing IT security policies within a financial services organisation and with a demonstrable understanding of associated risk management
  • Knowledge of security in a cloud hosted environment, especially using cloud native technologies in Azure
  • Knowledge of secure development practices and relevant tooling
  • Experience training others in security matters at all levels
  • Great communication skills and the ability to influence others
  • Experience running security testing processes such as tabletop exercises, phishing campaigns etc.
  • Knowledge of security audit requirements in financial services organisations and a proven track record working with auditors on such matters
Confirmed 10 hours ago. Posted 30+ days ago.
