Information Security Officer - Sheffield, United Kingdom - Sopra Banking Software

Posted by:

Tom O´Connor

beBee Recruiter


Description
Company Description

Sopra Banking Software works with more than 1,500 banks, building societies and specialized finance providers across more than 80 countries worldwide. We help them to develop, deliver and operationalise their digital transformation strategies. Using our suite of digital banking products and services enables these organisations to deliver remarkable financial services to their clients.


Job Description:


Sopra Banking Software (SBS) are embarking on delivering a significant programme over the next 2 years, which will improve the experience of millions of customers in the UK.

We are looking for an Information Security Officer (ISO) to lead the development of the programme's security posture, ensuring appropriate certifications, processes and operating model are in place.


The ISO plays a critical role in ensuring a highly effective and secure service for one of our major UK clients.

Reporting directly to the UK Head of SaaS & Cloud Services (S&CS), and facing off to senior stakeholders across Europe, including the CISO, the ISO will be expected to demonstrate Leadership, strategic planning and experience in establishing Information Security Management Systems which comply with government standards.


High-Level Objectives:


  • Responsible for all aspects of Security delivery for the Major UK Client.
  • Be the go-to authority for all Security-related issues and strategies regarding service delivery to the Client.
  • Identify, manage, and mitigate information security risks.
  • Align information security strategy with business goals and objectives.
  • Ensure compliance with relevant local and international laws, as well as internal policies.
  • Foster a culture of information security awareness and continuous improvement.
  • Drive the adoption of best practices in data protection and cybersecurity.

Core Responsibilities:


  • Strategic Leadership: Develop and implement an annual information security roadmap in alignment with business objectives.
  • Compliance Management: Keep up-to-date with legal and regulatory changes, ensuring timely compliance and client commitments.
  • Risk Assessment: Ensure regular Data Protection Impact Assessments, vulnerability scans, and risk assessments are executed.
  • Stakeholder Engagement: Liaise with internal and external stakeholders including regulatory bodies, auditors, and third-party vendors to ensure alignment of Security standards & plans.
  • Incident Management: Develop and maintain an incident response plan. Handle security incidents and breaches effectively.
  • Budget Management: Responsible for the Security Budget associated with the service.
  • Policy Development & Enforcement: Create and enforce policies related to emerging trends which may impact the service to our client.
  • Performance Metrics: Establish, monitor, and report on KPIs to assess the effectiveness of the information security program.
  • Resilience Testing: Ensure periodic resilience and penetration testing to evaluate organisational preparedness is executed.
  • Employee Training: Evangelise and enable regular training and awareness programs on various aspects of information security relative to the service.
  • Vendor Risk Management: Perform security assessments on third-party vendors and manage associated risks.
  • Board Reporting: Provide regular reports to the internal and external senior management on the status of information security and risk.

Qualifications:

We are interested in hearing from you, if you have most of the following attributes:


Minimum Competencies & Experience:


  • Educational Qualification: Relevant security professional accreditations, such as CISSP, IBITGQ, (ISC) with evidence of how these have been applied into a working role.
  • Experience: Minimum of 5 years of experience in information security, preferably in the financial services or technology sectors.
  • Technical Skills: Proficiency in common security tools and platforms, including SIEM, firewalls, and endpoint protection.
  • Legal and Regulatory Knowledge: Familiarity with GDPR, ISO 27001, and other relevant information security laws and standards.

  • Communication Skills: Excellent written and verbal communication skills, with the ability to convey complex information in a clear manner.

Preferred Competencies & Experience

  • Experience in delivering to government agencies, particularly in Technology / IT practices
  • Experience in working within a Service Integration and Management (SIAM) model
  • Experience leading or participating in cross-functional teams across departments like legal, human resources, and operations, particularly in the context of incident response and compliance.
  • BPSS Security Cleared


If you do not have all of the above experience or skills we would still like to hear from you.


  • As part of our hiring process new employees will be required to pass a confidential consumer credit check and DBS check. This is a straightforward credit check for CCJs, bankruptcy and
