Head of Information Security - London, United Kingdom - Tes Global

Tes Global
London, United Kingdom

2 weeks ago

Posted by: Tom O´Connor, beBee Recruiter


Description

Title: Head of Information Security

Department: Technology

Location: Sheffield or London

Full time, permanent

Salary: £90,000


Tes is an international provider of software-enabled services passionate about using technology to make life easier for schools and teachers.

All products and services are built with teachers' and schools' needs at the core, ensuring they are innovative, trusted education solutions.


Role overview:


The Head of InfoSec position requires an enterprise-minded and visionary leader with sound knowledge of business management and a working knowledge of cybersecurity technologies covering the corporate network as well as the broader digital ecosystem.

In addition, the Head of InfoSec will be viewed as a business leader and should have a track record of competency in the field of information security and/or risk management, with seven to 10 years of relevant enterprise-grade experience, including five years in a significant leadership role.


Key Responsibilities:


  • Develop an information security vision and strategy that is aligned to organizational priorities and enables and facilitates the organization's business objectives, and ensure senior stakeholder buy-in and mandate.
  • Create the necessary internal networks among the information security team and line-of-business executives, corporate compliance, audit, physical security, legal and HR management teams to ensure alignment as required.
  • Responsible for ensuring engagement from key stakeholders and helping them define the risk appetite of the firm.
  • Facilitate ongoing management of security steering committee. Advise management on how best to securely exploit technology to drive the business's transformation aspirations.
  • Oversee security awareness training program for all employees, contractors and approved system users, and establish metrics to measure the effectiveness of this security training program for the different audiences.
  • Ensure effective measures are put in place to protect Tes internal / customer data in line with current legislation.
  • Develop and embed mature processes that focus on Risk Management and incident response. Carry out risk assessments and conduct frequent GDPR compliance audits.
  • Work with stakeholders to develop Business Continuity and Disaster Recovery plans across the business.
  • Advise Platform Engineering, Development, Product teams on SDLC security architecture and how to continually reduce the attack surface.
  • Develop and maintain a document framework of continuously up-to-date information security policies, standards and guidelines. Oversee the approval and publication of said documents.
  • Create a framework for roles and responsibilities with regard to information ownership, classification, accountability and protection of information assets.
  • Facilitate a metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation, and increase the maturity of information security, and review it with stakeholders at executive levels.
  • Monitor advancements in educational technologies and threat horizons.

What will you need to succeed?

  • Hold at least one of the following Security Management Certifications: CISM, CISSP, CSSLP, CISA, AWS Certified Security Specialty. (CISSP preferred)

  • Leading Information Security functions in enterprise-scale / software development environments essential.
  • Minimum of seven to 10 years of experience in a combination of risk management, information security and IT jobs (at least five must be in a senior leadership role).
  • Proven experience in benchmarking against ISO27001 and NIST frameworks.
  • Demonstrable security-related experience in public cloud platforms (mostly AWS). In-depth knowledge of security services available in these platforms and how they can be applied to strengthen security posture in a SaaS business.
  • Strong interpersonal skills.
  • Senior stakeholder negotiation and influence / external vendor relationships. Excellent written and verbal communication skills with the ability to communicate information security and risk-related concepts to technical and non-technical audiences at various hierarchical levels, ranging from board members to technical specialists.
  • Proven experience of Least Privilege / Zero Trust adoption and Data Leakage Protection strategies in enterprise businesses.
  • Strong experience having developed and managed business continuity and disaster recovery plans for large-scale SaaS businesses.
  • Excellent analytical skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives.
  • Must be a collaborative security leader and critical thinker with strong business acumen and effective problem-solving skills.
  • Deep understanding of data security across the business.
  • Experience working with third-party managed service sup
