Job Description
Head of Information Security (CISO) (RETAINED BY WGG)
Manchester | £120k to £140k plus additional £60k to 70K in bonus & bens.
Head of Information Security (CISO) - North West - On site.
Salary 120k to 140K - Bonus 35%, 7k car allowance, Excellent Pension, Health and additional bens.
As the Head of Information Security (CISO) for this North West based organisation you will oversee the development and compliance of a comprehensive information security management (ISM) program, which ensures the organisation is suitably protected against cyber-related security threats.
The role title is Head of Information Security, but you will in effect operate as the CISO for this organisation, working closely with the CIO & Board to protect key infrastructure from cyber threats in the wider North West region.
As the Head of Information Security, you will develop and govern the information security strategy (IT/OT) aligned to the overall business strategy. You will work with executive stakeholders including the CIO, CEO, SLT & the Information Security Steering Council to ensure alignment of the cyber security strategy.
You will prioritise and optimise the cyber security portfolio based on the IS strategy and business needs whilst managing the development and ongoing maintenance of the ISO27001 registration and cyber security control framework.
There is currently a planned headcount for 31 people with a Capex budget of 35m and an Opex budget of 30m for the next budget period. There is significant investment and this is seen as a priority by the board and C-level leadership.
People leadership and management are key in this role, as will be the evidence of delivering something significant as part of your security career.
Once in post, if you deliver and are successful, this position has the potential to be a career-defining role.
Ideally you will have experience of as much of the following as possible:
- Experience in an information security leadership, CISO or high-level enterprise security architecture role.
- Significant stakeholder management skills & board level reporting.
- Experience in developing and administering an information security program within a formal framework such as ISO27001.
- Good information security assurance experience in an outsourced environment, including policy and standards delivery, monitoring and auditing of compliance.
- Experience in defining and monitoring Service Level Agreements and Key Performance Indicators.
- Detailed understanding of information security related law and regulations such as GDPR and NIS Regulations, market trends, products, and services.
- CISSP accreditation or equivalent is desirable but not essential.
- Experience in regulated environments would be ideal.
For this role you will need to be security cleared to SC level, but this is reliant on Government sponsorship and is company specific, so it would be sought after appointment to the role.