As the Information Security Manager, you will report to the Head of IT where your primary responsibility is to improve the firm’s
You will be the subject matter expert for Information Security and will work with the IT Manager and IT team to police the information security policies, procedures and practices within the firm.
You will oversee Information Security activities, strengthen Cybersecurity controls, as well as monitor and advise on security improvements for our 3rd party service providers.
You will also have a deep understanding of Information Security Management Frameworks and an understanding of APRA regulatory standards in Information Security.
You will need to have demonstrated experience taking an organisation through an ISO27001 maturity improvement program.
Objectives of this Role
- Influence Information Security governance for our key third-party IT service providers
- Oversee Information Security risk assessments and audits of current and new third-party service providers
- Establish and maintain security architecture from a high level
- Identify and assess the Information Security impact of regulatory and legislative changes
- Assist the Head of IT in defining the security assurance schedule and the corresponding metrics and key risk indicators for measuring the effectiveness of the assurance programme
- Manage the relationship with, and performance of, security testing service providers (e.g. for penetration tests or red team testing) to ensure the planning and execution of these tests is effective in identifying Legal and General’s key security risks
- Support Group IT business with transformation projects by performing security assessments and ensuring that controls and security requirements are being implemented through the transformation lifecycle
- Manage the team in accordance with the Company’s policies and procedures, including the Partnership Agreement, so that the team’s business objectives are achieved consistently
- Ensure alignment to Customer Experience and treat customers fairly
- 8+ years as a standalone IT Security Manager or Infrastructure Manager in a medium-sized business, accountable for all security-related matters
- Successfully managed 3rd party security vendors
- Demonstrated experience with Information Security Framework ISO27001.
- Previous experience managing Information Security capabilities in a mid-sized IT environment across cloud technologies.
- Broad experience in computer and network system incident response on IT systems.
- Certifications such as CISSP, CISM, CISA and ISO 27001 are preferable.