Head of Information Security

Company Description

OUTsurance is a customer-centric financial services company with a global foot print. We are vibrant, successful and values orientated with an awesome dynamic culture encapsulated by the ethos that clients and staff “always get something OUT.” Our success can be attributed, amongst other things, to the outstanding people that work for us.

Adversaries are working around the clock to beat defences, compromise networks and steal sensitive company data. To stay ahead of the threats we are looking for an inspired, creative and dedicated Head of Information Security to head up the Information and Cyber security function that is responsible for all strategic security planning and control oversight to ensure that effective security related risk mitigation takes place throughout the company and as governed by the Group Cyber Security Control Framework.

Job Description
**Responsibilities**

As the Head of Information Security, you will be responsible for but not limited to the below:

- Leadership, management and mentoring of the Information security area and its respective teams.
- The maintenance and maturing of the security operating model and its underpinning processes and practices.
- Responsible for defining, prioritising and driving the overarching yearly Cyber Security plan as well as the supporting plans, e.g. security pen test and security awareness programs.
- The development and maintenance of security standards, guidance and playbooks.
- Accountable for the effective and reliable identification, detection and resolution of Cyber security incidents.
- Accountable for preparation of the quarterly Cyber Security Forum presentations as well as chairing the Forum.
- Working together with the relevant teams to complete questionnaires, assessments and impact studies related to requests from e.g. the Regulator & Group Cyber benchmarking assessments.
- Responsible for managing and monitoring third parties supplying Cyber security solutions and services.
- The measurement and reporting on the efficiency and effectiveness of cyber security controls.
- The identification and monitoring of environmental, threat, and technology trends to optimise the effective short
- and medium-term deployment of cyber security controls, contributing to the strategic security roadmap.

**Competencies**

The successful individual would need to demonstrate the below listed competencies at an advanced level:

- 'Can do' attitude, comfortable dealing with ambiguity, resilient, strong team player, committed to continuous improvement
- Very strong interpersonal skills and the ability to build relationships
- Problem-solving with strong decision-making mind-set
- Takes initiative and works under own direction
- Engages professionally
- Adapts and responds positively to change
- The ability to multitask and handle stress to meet project deadlines
- Enthusiasm, energy, determination and a passion for improving client experience through digital platforms
- Works meticulously always demonstrating a very high level of attention to detail
- The ability to multitask and handle stress
- Strong problem solving skills and willingness to roll up one’s sleeves to get the job
- Excellent written and verbal communication skills
- Ability to communicate effectively with executive management

Qualifications
- 9 years’ experience in Cyber Security of which at least 5 years should’ve been in leading technical and operational security functions and teams.
- Strong security and technical background.
- Practical experience to implement industry best practices and frameworks.
- Strong people skills and experience of building, managing and upskilling teams of specialists to meet the objectives of the Cyber security plan.
- Work closely with the IT Risk Team to ensure Cyber risks are captured & maintained in line with the Group Risk Management framework.
- Relevant security accreditation and certifications, e.g. CISSP, CISM, CISA, CCSP.
- Your technical background should cover a wide spectrum of security engineering and operational security skill sets. This must include but is not limited to experience (preferably hands on and technical experience) in the following areas:

- **_ Cyber Engineering:_**_ including gateway firewalls, Web Application Firewalls (WAFs), MFA, Internet proxies and security architecture & design._
- **_ Offensive Security:_**_ Infrastructure, internal, external, web, mobile, API and cloud pen testing._
- **_ Application Security:_**_ Secure coding solutions, training and awareness on secure coding best practices._
- **_ Defensive Security: _**_Cyber incident response & management, including incident breach simulations._
- **_ Cyber Operations:_**_ Endpoint security (e.g. security client maintenance & endpoint hardening), Vulnerability management, EDR management, log retention strategy & implementation._
- **_ Cyber Governance: _**_Data loss prevention, maintain & expand Cyber security metrics, 3rd party secu