Chief Information Security Officer
ForgeRock.com
Bristol, England, United Kingdom
5d ago

The employer is a multinational identity and access management software company.

  • Develop, implement and monitor a strategic, comprehensive enterprise information security and IT risk management program to ensure the integrity, confidentiality and availability of information owned, controlled or processed by the organization.
  • Manage the enterprise's information security organization, including our Business Continuity efforts, which would include hiring, training, staff development, performance management and annual performance reviews.
  • This role will also have direct oversight for Security Operations, and partner strongly with Corporate IT for implementation and operations of technology, and incident response and management.
  • Facilitate information security governance through the implementation of a hierarchical governance program, including being a leading member of the Security and Privacy Board.
  • Develop, maintain and publish up-to-date information security policies, standards and guidelines. Oversee the approval, training, and dissemination of security policies and practices.
  • Create, communicate and implement a risk-based process for vendor risk management, including the assessment and treatment for risks that may result from partners, consultants and other service providers.
  • Develop and manage information security budgets, and monitor them for variances.
  • Procure / create and manage information security and risk management awareness training programs for all employees, contractors and approved system users.
  • Work directly with the business departments to facilitate Security risk assessment and risk management processes, and work with stakeholders throughout the enterprise on identifying acceptable levels of residual risk.
  • Provide regular reporting on the current status of the information security program to senior management and business unit leaders.
  • Progress the evolution of the company’s security controls toward conformance with ISO 27001, Cyber Security Essentials, GDPR, SOC2, and other applicable standards as required by our business.
  • Provide strategic security and risk guidance for IT projects, including the evaluation and recommendation of technical controls.
  • Partnering with Corporate Privacy, specify the technical systems to support the security controls defined for the corporation.
  • Manage project plans and timelines to implement the technical systems.

  • Specify the security controls for corporate security as well as our software-as-a-service offering.
  • Coordinate information security and risk management projects with resources from the IT organization and business department teams.
  • Create and manage a unified and flexible control framework to integrate and normalize the wide variety and ever-changing requirements resulting from global laws, standards and regulations.
  • Ensure that security programs are in compliance with relevant laws, regulations and policies to minimize or eliminate risk and audit findings.
  • Liaise among the information security team and corporate compliance, audit, legal and HR management teams as required.
  • Define and facilitate the information security risk assessment process, including the reporting and oversight of treatment efforts to address negative findings.
  • Manage security incidents and events to protect corporate IT assets, including intellectual property, regulated data and the company's reputation.
  • Monitor the external threat environment for emerging threats, and advise relevant stakeholders on the appropriate courses of action.
  • Liaise with external agencies, such as law enforcement and other advisory bodies as necessary, to ensure that the organization maintains a strong security posture.
  • Facilitate a metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation, and increase the maturity of the security program.
  • Understand and interact with related disciplines to ensure the consistent application of policies and standards across all technology projects, systems and services, including, but not limited to, privacy.
  • Minimum of eight to 10 years of experience in a combination of risk management, information security and IT jobs. At least four must be in a senior leadership role.
  • Employment history must demonstrate increasing levels of responsibility.

  • Experience in the software-as-a-service and / or platform-as-a-service industries is preferred.
  • Experience establishing security programs for IT suppliers in regulated verticals, including telecommunications and financial services preferred.
  • Experience with FinTech is preferred.
  • Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences.

  • Proven track record and experience in developing information security policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic environment.
  • Strong program and project management skills with a proven ability to define strategy and lead an organization from vision to implementation.
  • Broad knowledge of business process, including disaster recovery, business continuity and risk management.
  • Poise and ability to act calmly and competently in high-pressure, high-stress situations.
  • Must be a critical thinker, with strong problem-solving skills.
  • Exhibit excellent analytical skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives.
  • Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals.
  • Degree in a technology-related field, or equivalent work- or education-related experience.
  • Knowledge of common information security management frameworks, such as ISO / IEC 27001, ITIL, COBIT and ones from NIST.
  • Experience with contract and vendor negotiations.
  • High level of personal integrity, as well as the ability to professionally handle confidential matters, and show an appropriate level of judgment and maturity.
  • High degree of initiative, dependability and ability to work with little supervision.