We can only accept applications from candidates who already have the right to live and work in the UK at the time of their application.
The Opportunity
Dealogic’s Information Security Program is essential to protect the assets and enable the growth of the business in the demanding world of financial technology.
The Information Security Manager joins a highly visible and growing team that is at the leading edge of the enterprise-level cultural change that Dealogic needs in order to meet our strategic goals, including: world-class customer service, lock-step business alignment, extending our managed service to the cloud, implementing an increasingly mobile client platform, satisfying rigorous audits, attaining external certifications (e.g., ISO27001, SOC2, ISO20000), and more.
The Role
Reporting to the CISO & Head of IT Governance, the Information Security Manager will set the strategic direction and manage all aspects of Dealogic’s global IS program, including a small team. Key responsibilities include:
- Own existing and implement new IS policies and procedures aligned with organizational risks and business strategy to drive continual improvement of the IS program
- Coordinate internal/third-party audit program: monitor compliance with and performance of defined IS controls within the organization and also among service providers
- Document IS policies and perform regular reviews of existing documents
- Provide direct training and oversight to Dealogic employees and third parties on IS policies and procedures; initiate, facilitate, and promote activities to improve awareness
- Own the risk register: manage identification, assessment, and treatment of risks
- Manage Business Continuity/Disaster Recovery plans, including regular testing
- Work closely with developers and architects to ensure that security requirements are defined and delivered through the Software Development Life Cycle (SDLC)
- Coordinate response to assessments (e.g., by clients and external certifying bodies), including ISO27001 certification
- Evaluate third-party tools and services; manage projects to deliver new solutions
- Provide leadership and guidance as the subject matter expert on the processes, best practices, and functions of information security disciplines, technologies, and guidelines
About You
- Highly capable of delivering presentations, leading workshops, and providing training (i.e., public speaking)
- Able to understand objectives and perspectives of diverse stakeholders
- Able to persuade, influence, and negotiate to achieve the best result
- Able to understand problems and determine strategic implications
- Produces well-written and thorough documentation
Skills & Experience
Education/Qualification
- Degree-educated or equivalent
- High-level IS qualification (e.g. CISM, CISSP, ISO27001)
- Risk Management (e.g. CRISC) (desirable)
- IS Audit (e.g. CISA) (desirable)
- ITIL Foundation (desirable)
- Project Management (e.g. PMP, Prince2) (desirable)
Languages
- Excellent standard of spoken and written English
Character
- Strategic focus
- Willing to challenge established thinking
- Positive attitude with commitment to deliver great work
- Navigates difficult and/or complex situations, maintains focus, and brings clarity
- Communicates confidently and effectively at all levels of management, including executives and board
- Earns respect and builds trust by demonstrating value
- Driven to develop and nurture relationships
- Passionate about providing high-quality customer service
- Seeks to understand problems, devises creative solutions
- Pragmatic approach to delivering results
- Acts with integrity and accountability
- Has strong opinions but an open mind
- Has strong attention to detail
Technical Experience
- Strong proven experience in Information Security, including defining organizational IS strategy
- High level of experience with ISO27k standard/framework
- Managed internal/third-party audit program
- Expertise in application security/secure SDLC/DevSecOps
- Expertise in security awareness program
- Thought leadership in IS best practices
- Authored policies, standards, and processes
- Managed third-party professional services
- Managed long-term change program/organizational transformation
- Managed third-party consultants (desirable)
- Familiar with Shared Assessment tools (e.g. SIG, AUP) (desirable)
- Experience with (desirable):
  - SOC2 audits (SSAE16)
  - Vendor management
  - Contract negotiations