Information Security Manager - London, United Kingdom - All Africa Capital Limited

    All Africa Capital Limited
    All Africa Capital Limited London, United Kingdom

    2 weeks ago

    Default job background
    Description

    Job Description

    Salary: £85K/yr- £95K/yr

    Hybrid, Full-time

    We are expanding our team and seeking a skilled Information Security Manager to play a crucial role in supporting the security strategy through the identification, mitigation and remediation of information security risks to the business. This role reports to Chief Technology and Operations Officer.

    If you love the thrill of a startup environment and aspire to be part of All Africa Capital's journey toward becoming an authorised Bank, then this is the job for you

    Key accountabilities

    The Information Security Manager will design, implement and maintain the information security strategy for the Bank. The specific accountabilities are:

    • Develop and implement a comprehensive information security strategy aligned with business objectives.
    • Create and maintain an information security roadmap to address current and future security needs
    • You will implement and manage technical solutions to counter cyber security risks.
    • Establish, review, and enforce information security policies and procedures
    • Ensure compliance with relevant laws, regulations, and industry standards
    • Conduct regular security audits and risk assessments
    • Design and deliver ongoing security awareness programs for employees
    • Provide training to staff on security policies, procedures, and best practices
    • Develop and maintain an incident response plan for handling security incidents
    • Lead and coordinate response efforts in the event of a security incident or breach
    • Evaluate and recommend security technologies and tools
    • Collaborate with IT teams to implement and maintain security solutions
    • Monitor emerging threats and assess their potential impact on the Bank
    • Identify and assess information security risks.
    • Implement risk mitigation strategies and controls
    • Regularly update risk assessments based on changes in the threat landscape
    • Evaluate and monitor the security posture of third-parties
    • Prepare and present regular reports on the status of information security to executive leadership
    • Communicate security metrics and key performance indicators
    • Research, design and test processes and technical solutions to counter cyber security risks.
    • Implement and manage the implementation of countermeasures to cyber-attacks that exploit identity and privileged escalation attacks occur particularly in Active Directory and Azure-based environments, as well in the bank architecture
    • Develop, implement, and manage a comprehensive security assurance measures for generative AI usage across the company.
    • Provide thought leadership and creativity to mature generative AI security governance embedding into our existing cyber risk appetite framework

    Key Knowledge and Skills

    Banking

    • Experience with Money Transmitter License (MTL) regulatory standards and audits and ITGC Control audits
    • Degree/diploma/certifications in a technology-related field and/or relevant working experience; highly desired certifications include:
    • PenTest+, Security+, OSCP, CCSP, CEH, GCIH, GMON
    • 5+ years' experience in IT Security and/or IT within a financial services organisation
    • Must have fundamental programming/scripting capabilities (e.g. python, powershell, bash, etc.)
    • Experience in DevSecOps
    • Experience in Cloud Security is a must

    Technical

    • Endpoint security concepts, controls, and best practices for Servers (e.g. Windows and Apple OS)
    • General IT networking concepts, protocols, standards and network security concepts, controls, and best practices
    • Cryptography fundamentals and data security controls and best practices
    • Forensic investigation techniques
    • Prior experience deploying, configuring, managing, and/or operating security technologies is preferred, such as endpoint security (e.g. AV/EPP/EDR), SIEM, DLP, SWG, CASB, UEBA, IDS, IPS, firewalls, IAM/PIM/PAM, vulnerability management, MDM, etc.
    • Deep knowledge of GDPR, FOI, PCI-DSS
    • Deep knowledge of cloud security
    • Knowledge of Microsoft Security Centre and Microsoft Sentinel
    • Deep Understanding of ISO27001:22, NIST, Cloud Security
    • Secure software development guidelines
    • Demonstrated experience with cyber engineering and operations, which could include DevSecOps and MLSecOps is a plus
    • Experience with cloud and security in software architectures
    • Experience with microservices

    Behaviours

    • Excellent written and verbal communication skills and of managing expectations.
    • Excellent stakeholder management skills, with the confidence to challenge supportively and effectively where appropriate.
    • Excellent time management and delegation skills with proven ability to manage multiple projects effectively.
    • Strong leadership skills with the ability to inspire and motivate staff from a variety of backgrounds and experience levels and gain the respect of colleagues at all levels of the business.
    • Builder of positive relationships with a collaborative style used to achieve organisational goals.
    • Able to create an open environment and inspire others to contribute.

    Key Knowledge and Skills