Senior Cyber & Information Security Governance Specialist

Job Description

The VacancyOVERALL SUMMARYThis role will focus on analysing, developing and maturing CBAMs Cyber & Information Security Governance; aligning with industry-standard frameworks, ensuring our ability to resiliently safeguard our Clients, our people, and their assets. The role is central to CBAMs ongoing maturity journey in the cyber security space, understanding that constant evolution is required in the face of changing threats; and how we align the constant maturing of our controls against threats, operation and riskreduction. The role offers excellent opportunities for an individual who has a desire to grow CBAMs cyber and information security framework and influence and educate positive change through the next stages of our journey. The role reports into the Chief Information Security Officer (CISO) within the COO area of the business. RESPONSIBILITIESCyber and information security governance

• Responsible for the maturity and embedding of the chosen cyber security framework across CBAM, with a particular focus on nurturing the core foundations of policy, standard, process and procedure. This work should align with the principles of InformationSecurity Management Systems (ISMS).
• Responsible for the upkeep and maturity of above ISMS, including lifecycle, approval, updates and compliance.
• Support the assessment of chosen controls and their applicability to chosen frameworks, helping identify and prioritise areas of improvement through a risk-based lens.
• Enhance the reporting ability of colleagues for governance and risk forums, supporting them in providing a picture of what truly matters in terms of maturity and risk reduction.

• Act as the party responsible for collaboration between CBAM SMEs and internal and external audit, ensuring excellent and timely outcomes from all parties.

• Support colleagues across the Chief Operating Officers wider team as pertinent to alignment with the ISMS and/or cyber & information security framework (e.g. IT-based policy requirements)

Communication, Reporting & Culture

• Represent CBAMs strong cyber and information security culture
• Shape and influence the messages coming out of the CISO team, ensuring that there is a consistent tone in respect of priority, control improvement journey and risk reduction
• Collaborate closely with colleagues across the Close Brothers Group, influencing the direction of travel in respect of cyber security risk and governance
• Responsible for delivering cyber and information security governance messaging to internal committees up to Board level

Risk & Compliance

• Assess gaps against chosen cyber and information security frameworks, including control maturity assessments and report them in a consistent, agreed format.
• Support strategy and investment of the CISO portfolio on a risk reduction basis, using assessments against aforementioned gaps.
• Responsible for ensuring all cyber and information security policies are up to date and include all appropriate requirements from adjacent internal and external policies, including regulations.
• Responsible for the regular refresh of policy documentation and associated approvals.
• Responsible for ensuring compliance against policies, standards, procedures and processes within the cyber and information security remit.

WE WOULD LOVE TO HEAR FROM YOU / PLEASE APPLY IF:

• Certified Information Systems Manager (CISM), Certified Risk and Information Systems Control (CRISC) or related certification
• Experience working within a cyber and/or information security governance team in the first or second line, ideally using an ISMS or equivalent
• Experience responding to and working with audit teams
• Highly detail focused with an excellent technical writing style
• Organised and favours working to schedules and deadlines
• Proficient with Excel reporting and other data presentation tools
• Proficient with creating impactful and succinct PowerPoint presentations

IT IS NOT ESSENTIAL BUT IT WOULD BE GREAT IF YOU:

• Certified Information Systems Security Professional (CISSP), or related certification
• Previous experience working with or deploying NIST or FSSCC (CRI) frameworks
• Working knowledge of technical infrastructure, networks, databases and systems
• Prior experience working within a financial service organization.
• Project management skills.

As an employer, Close Brothers Asset Management is committed to equality and valuing diversity within its workforce. We provide equality of opportunity and will aim to ensure that no employees or candidates are subject to discrimination on grounds of any characteristicsincluding but not withstanding gender, gender identity, marital status, sexual orientation, race, colour, nationality, religion, age, disability, working pattern, caring responsibilities, political beliefs. We appreciate that from time to time, recruitment agencies will have speculative CVs that they may wish to submit to our Talent Acquisition team in relation to a specific role. To avoid any ambiguity around fees, please note that speculative CVs received by Close Brothers, that have not been authorised in advance, by us, will be ineligible for an agency fee. Thank you.