Information Security Manager

Enterprise Information Security Manager

Perm

Uxbridge, UK or Amstelveen, Netherlands

Up to £130,000pa or €140,000pa

The Enterprise Information Security Manager is responsible for contributing to and driving the execution of the organization’s Information Security Strategy, and for managing the Information Security team for the EMEA region.

Overall responsible for core security activities in: Security Incident Response, Vulnerability Management, Application Security, Policy Management, Security Risk Management, Security Awareness & Education.

Maintain and grow the expertise of the security team members, and improve the maturity of the team’s security processes.

This role can be performed either from our Amstelveen office in the Netherlands or from our Uxbridge office in the UK.

Responsibilities

* Translates the enterprise security strategy into annual operational plans for the security team.

* Ensuring execution across all subsidiaries, regional entities and NSOs & provides structured feedback loops to the Director on execution progress

* Develop, provide and enforce EMEA’s Security Policies to IT, business, NSO’s and subsidiaries.

* Recruit, manage, coach, develop and motivate a high-performing team of SME’s and Specialists.

* Manage and execute the EMEA Security activities, with its main components: security audits and assessments, Application Security, Vulnerability management, Incident Response & Forensics, Security Architecture, security awareness & education.

* Liaison with the global security organization, an support the alignment and integration of security activities at global level.

* Act as deputy for the Information Security Director as well as deputy spokesperson on all information security matters

* Be responsible for achieving the organization’s security KPIs & Preparing security dashboards, risk summaries, and reports for Steering Committee meetings.

* Accountable for standardising security team’s core processes & owning the audit cycle preparation for internal/external audits.

* Be the designated security contact for the top IT vendors, and represent EMEA in the vendors Security Steerco meetings.

* Ensure ongoing coordination with the Data Privacy and the Compliance organizations, as well as with the Legal, Procurement and HR teams.

* Maintaining and managing the enterprise security risk register.

* Operational owner of enterprise security incidents, reporting to the Director with recommendations and guidance during major incident.

* Responsible for information security finances, managing budgets in line with policies and guidelines.

* Ownership of the Security Maturity Model for enterprise security teams. Responsibility for monthly/quarterly security posture reporting to the Director.

* Keep executive management appraised of the security posture of the organization, and of major incidents and risks to the organization.

Qualifications

Personal Specification e.g. Technical skills, knowledge, experience required

* Extensive experience in IT Security, Risk Management and Compliance, preferably in large multi-national organizations.

* Solid people leadership skills, providing direction, mentoring, coaching to the team, and building positive high-performing working environments.

* Proven budget and project management skills.

* Excellent stakeholder management and communication skills.

* Contractual management and tender writing and evaluating experience.

* Conflict management and resolution skills.

* Experience dealing with and coordinating security incident activities.

* Ability to think adversarially, and good knowledge of the current cybersecurity threat landscape.

* Expert knowledge of current and emerging security technologies and tooling.

* Working knowledge of security standards and frameworks, such as ISO 27001, CIS Top 20, OWASP Top 10, ISF SOGP etc.

* Hands-on experience in one or more of: Security Architecture, Security assessments or penetration testing, Application Security, Vulnerability Management, Forensics, Threat Modelling, Security Incident Response or Security Operations.

* Fluency in English, both written and spoken