Head of Information Security

Job content

Reporting to the Head of Run activities for Specialized Finance, the primary purpose of this role is to lead the information security organisation for Specialized Finance.

Accountable for

• The information security management system (ISMS) for ACF.
• Leading a team that has the capacity and capability to deliver on the information security needs of the organisation.
• Delivering an information security roadmap plan that drives the Specialized Finance division of Sopra Banking Software forwards in meeting new industry standards and to guide delivery teams across the organisation to successfully achieve such a plan.

Responsibilities

• Management of a mature Information Security Management System [ISMS] certified to ISO 27001:2013 and developing the information security roadmap to extend the ISMS to cater for additional Specialized Finance products where they are run as a service.
• Management of an existing ISO 27017:2015 certification [as first certified in 2021].
• Development and implementation of new and emerging security controls and standards, especially linked to Cloud best practices.
• Ownership of four ISAE 3402 SOC1 Type II reports for product lines SFP Wholesale, Aurius, SFP R&R and a customer single entity report using the SFP R&R product.
• Point of contact for customer led information security topics, to include contract negotiation, audits, questionnaires and meetings.
• Management of emerging information security threats and risks, including the review of data from existing tools in place, e.g., BitSight, Aqua.
• Co-ordination of network security/penetration testing exercises, including supplier relationships.
• Point of contact for both internal and external security incidents, including the maintenance and execution of an incident response plan as necessary.
• Manage an internal information security audit program focused on risk management and control effectiveness.
• Ownership of information security policies and procedures.
• Information security guidance to Specialized Finance employees and liaison with the wider Sopra Banking information security organisation.
• Design of information security training for new staff and annual awareness exercises.
• Alignment and co-ordination with the Quality Manager who assists with the overall management of an Integrated Management System [IMS] that includes certification to ISO 9001:2015.

What are we looking for?

• In depth experience in an information security role.
• Strong working knowledge and understanding of information security frameworks, risk management, incident management (including Critical Incident Management), IT infrastructure operations and application security best practices.
• Previous experience of implementing ISO 27001 along with other information security frameworks, e.g., NIST, CCM, CAIQ, Cyber Essentials Plus.
• Leadership skills.
• Excellent written and verbal communication skills.
• Ability to lead and participate in information security forums with a global customer base.

What are we offering?

By joining the Sopra Banking Software team you will enjoy a market competitive salary and our excellent rewards and benefits schemes including a 6% pension contribution, employee share scheme (buy one get one free), an option to buy or sell holiday days, medical insurance, critical illness cover, a health cash plan, and we offer flexible working arrangements to all employees, plus many more excellent benefits.

Sopra Banking Software are proud to be an inclusive employer. This role is supported by flexible working, based from our Bristol office we offer up to 3 days per week flexible remote working, with 2 days per week office based or on customer sites as required. All employees are supported to work from home with DSE assessments and IT equipment where required to be fully productive when remote working.

At Sopra Banking Software, you can come as you are. We embrace diversity in all its forms. We’re committed to fostering a work environment that is inclusive and respectful of all differences, we value diversity at our company and do not discriminate on the basis of race, ethnicity, religion, gender, sexual orientation, age or disability status. All personal information will be treated as confidential according to the Employment Equality act.

As part of our hiring process new employees will be required to pass a confidential consumer credit check and DBS check. This is a straight forward credit check for CCJ’s, bankruptcy and a criminal record check, however if you wish to know more about what is or is not acceptable please ask our recruitment team.