Find The Best Job Vacancies in Various industry sectors 27631+ Job Vacancy

Job Title Chief Information Security

Officer (CISO)

Reports to Chief Technology Officer

Operating Group Information Security Location Isle of Man, Guernsey, Ireland

(Dublin / Navan), UK (Southampton),

home based

Job Purpose

The Chief Information Security Officer (CISO) is responsible for the long-term strategic management of

Utmost’s information security technology and governance according to the Information Security

Management System (ISMS) framework. The CISO is expected to define, develop, and maintain a

business-aligned Information and Cyber Security strategy and operating model for the ongoing

protection of computer networks and information.

You will be a strategic and lateral thinker with exceptional leadership credentials and a sophisticated

approach to stakeholder and supplier management (ideally within the finance sector).

The role requires:

a good overall understanding of the business and the jurisdictions in which we operate; the applicable

legal and regulatory obligations (in particular data protection requirements); a thorough understanding

of the technology underpinning Utmost’s IT systems; and a broad, up-to-date knowledge of information

security frameworks, vulnerability management, incident management and response, secure

development techniques and approaches, Cyber Security engineering and operations, and

management and governance of Cyber risk and Cyber Security.

Key Responsibilities include: 

Information Security Strategic leadership 

Governance & standard development and monitoring 

Security Incident Management 

Cyber Risk management 

Driving Information Security awareness

Main tasks and responsibilities Key Performance Indicators

Security incident Management 

Ownership and management of the Information Security

Incident Management Process. Manage incidents and

their follow-up actions, agreeing the required actions and

ensuring that all required actions are carried out as

required. 

Manage the documentation of policies, procedures,

security guidelines and runbooks to assist in the timely

resolution of Security Incidents. 

Assist with development of relevant BCP plans for IT and

business from a security perspective. 

Ensure that the business

process documentation

created as part of the ISMS

creation is maintained as and

when processes change. 

Security Incidents managed

and closed out as required 

Escalation of incidents within

agreed timeframes 

Adequate and robust testing

of BCP plans 

Ensure all new

implementations are included

in BCP plans/solution

Cyber Risk 

Oversight, management, and reporting on all risks

pertaining to information security, including all forms of

cyber risk and all risks relating to the protection of personal

data throughout the businesses in all locations. 

Developing and monitoring Key Risk Indicators (KRI) and

Key Performance Indicators (KPI), relating to the information

security controls of the businesses. 

Assist in the ongoing assessment of risk to the security of

information, assets, and personnel. 

Assist in management of cyber risk including risk reviews and

mitigation planning. 

Risk assessments carried out to

standard, to agreed schedule,

and as required. 

Ensure complete and

accurate risk register in place

and monitored

Governance / Standards 

Assist with the initial certification and ongoing adoption of

NIST framework. 

Develop and maintain information security documentation

to agreed standards. 

Facilitation of external information security audits,

management reviews and internal information security

audits. 

Define and manage the monitoring of key measures of ISMS

performance. 

NIST alignment and

accreditation 

Documentation that meets

standards and drives

processes. 

Audits progressed smoothly

and with least disruption to the

business as possible. 

All agreed security KPIs

(Including security controls)

monitored and reported as

required.

Information Security Strategic leadership 

Drive and coordinate the management of security through

the sharing of ideas between key security players; the

monitoring of threats and subsequent identification of

opportunities for improvement; and the on-going

monitoring of security activity (e.g., penetration testing

actions) to meet targets; and drive and manage the

development of information security to ensure approaches,

techniques and tools continue to meet needs. 

Ensure that the team become an active part of projects at

an early stage to ensure that all projects take information

security into account; and to carry out - or oversee -

information security risk assessments and ensure that the

results are acted upon. 

Provide training, coaching and internal consultancy to the

business at all levels in relation to the Information Security

Management System, the NIST framework and a wide

variety of IT controls and information security controls, and

in respect of new and evolving IT standards, cyber risks, and

information security issues. 

Authorise the release of system changes into production

environments according to agreed parameters and

processes. 

Provide information security guidance to IT team as part of

project and software development lifecycles. 

Perform regular internal and external security audits and

testing including penetration testing. 

Sharing of security ideas

actively promoted. 

Audit actions (inc. penetration

tests) managed and followed-

up in a timely fashion. 

Applicable threats identified

and actioned within agreed

timescales. 

Ongoing measurable

improvements to approaches

implemented to ensure

information security is

maintained long term. 

Guidance in security risk

assessments provided and

carried out as required. 

Corrective changes

documented and agreed

based on risk assessments and

carried out to plan. 

Change releases checked

and authorised as required

and in a timely manner. 

Project Security Risk

Assessments carried out as

required.

Information Security Awareness 

Assist in the development and delivery of training,

education, and initiatives to promote security awareness

throughout the businesses. 

Broad and effective staff

security awareness delivered

through various media and

judged to be effective.

Cyber Risk Management 

Preparation, management, and reporting of the

Information Security Risk Assessment in conjunction with the

overall Business Operational Risk Assessment. 

Reporting on Key Risk Indicators and Key Performance

Indicators. 

Provide IT and information security control risk input into

projects from inception.  

Contributing to the creation

of a culture of risk awareness

and the highest standards of

corporate governance.

Preparation, management,

and reporting of the

Information Security Risk

Assessment in conjunction

with the overall Business

Operational Risk Assessment. 

Assess operational risks

associated with day-to-day

activities and implement risk

mitigation controls as

necessary. 

Ensure operational risk events

are reported on a timely

basis and risk event actions

are completed within

agreed timelines.

Customer Management  Maintain effective relations

with all key stakeholders

across company. 

Commits to exceeding expectations and needs to

internal/external customers, possesses “customer first” mind

set. 

Ensures that work is accurate and well presented, that

customer care is given priority above all else and that effort

is made to exceed the minimum standard required in all

areas. 

Shows concern for detail no matter how small. 

Takes a pride in doing a job well.  

Quality and timeliness of

communication updates to

all relevant parties.

Appropriate service is

delivered at all times, across

all business lines and

feedback is sought from key

stakeholders to fully assess

the service quality.

Culture 

Is a role model in

demonstrating the

behaviours and culture

across the organization. 

Represents company

strategy and commercial

decisions in a proactive and

positive manner. 

Leads by example, to

motivate and assist with

managing change across

the organization

Knowledge, Skills, and Behaviours

Essential or Desirable

Knowledge    

, Experience or qualifications

At least 8 years’ experience in Information Security, and

experience in people and IT management.

Experience in security tools, technology, and

architecture.

Management experience that encompasses information systems

or information security experience.

Relevant certification is preferred (ISO27001 or NIST lead auditor,

CISSP, CISM, CRISC, CCRO) along with following experience: 

NIST implementation 

Internal audit knowledge 

Risk analysis – systems/projects/changes 

Security technical knowledge / skills 

Information Systems such as Active

Directory, VMware, Firewalls, Network,

Storage, QRadar/SIEM 

IT hardware, software, process appreciation

Essential

Essential

Essential

Preferred

Skills    

Process mapping and data analysis skills.

Analytical skills – Interprets quantitative and qualitative

information to achieve objective and produces effective

solutions to problems.

Ability to work within tight deadlines and deliver solutions within

defined time periods.

Experience working in a complex operational environment.

Essential

Essential

Essential

Essential

Effective verbal and written communication skills and strong

interpersonal skills, good at reporting.

Behaviours 

Cooperative, flexible, adaptable, and persistent. 

Diligence - Being careful about detail and thorough in completing

work 

Integrity - Being honest and ethical 

Must be willing to travel occasionally between offices in all Utmost

territories where required (infrequent)

Essential

Essential

Essential

If you would like to apply for this role, please send your cover letter and CV to

[email protected]

Utmost Group is an equal opportunities employer