Information Security Officer (ISO)

Marlin Selection Ltd
London
2 months ago
Create job alert

On behalf of our client, a private bank in London, we are seeking to recruit an Information Security Officer.

Job purpose

The Information Security Officer is responsible for providing Information Security strategies aligning with business needs necessary to ensure the confidentiality, integrity, and availability of the Bank’s information by establishment & implementation of information security program in-line with compliance with regulatory requirements.

Key responsibilities

  • Collaborate with IT and operational teams on the security measures to be integrated into business processes. Serve as an advisor to business units on security-related issues and initiatives.
  • Perform Second Line project oversight activities in the evaluation of information security risk for new product, system and other material change projects. Supervision of information security projects initiated by the business and/or Group ISO.
  • Assist in the development, review, and maintenance of information security policies, standards, and procedures. Ensure that policies are communicated effectively across the organization.
  • Develop and implement security awareness programs to educate staff on information security best practices. Conduct regular training sessions and workshops to enhance the organization's security culture.
  • Maintain comprehensive documentation of security activities, assessments, and incidents. Provide regular updates and reports to the Information Security Management System (ISMS).
  • Manage the internal and external information security requirements.
  • Coordinate with stakeholders to meet the internal and external regulatory cybersecurity requirements.
  • Direct an ongoing, proactive information security program for all new and existing systems aligning to business requirements.
  • Support performance of annual budgeting & planning for information security requirements.
  • Determine security requirements by evaluating business strategies and requirements for cloud-based solutions.
  • Support vulnerability management and security testing program to meet compliance and security requirements as per schedule. Liaise with IT & establish remediation plan for identified vulnerabilities/issues identified through various security assessments (VA, PT, Third Party Assessments, etc.).
  • Align with Group ISO in implementing group security strategy for the entity. Liaise with Group Information Security Office (GISO) to align IS requirements compliance/adoption.
  • Responsible for the information security incident management and response, prepare security reports by collecting, analyzing, and summarizing data and trends with support of Group ISO.
  • Coordinate with vendors for evaluation of new technologies & conduct Proof of Concept. Perform security assessment of application, vendor, cloud, and third-party assessment. Responsible for third-party security program to manage potential supply chain security risks.
  • Work with Cloud Security in AWS, Azure, Google or others for defining and designing the security controls for business solutions in cloud environment.
  • Contribute to the evaluation, recommendation, and implementation of cloud security controls in line with emerging cloud technologies and practices across group entities.

Work Experience

  • Working knowledge of banking and securities products and services.
  • Excellent experience and understanding of Information Security, Technology and Cyber Risk management and the required application of these risk domains within the financial services industry.
  • Experience working in a cross-functional environment.
  • Good understanding of the interdependencies between other non-financial risk domains and wider Operational Risk practices.
  • Proven and demonstrable ability to identify, analyze, understand and concisely communicate Technology and Cyber risk, and provide the ‘so what?’ to articulate impact.
  • Understanding and experience of the Audit and Assurance lifecycles within a regulated financial institution.
  • Strong technical and functional knowledge of external Laws, Regulations, Policies and developments applicable to the Technology, Information Security and Cyber function.
  • Solid technical and functional knowledge of financial services internal rules and policies.
  • Experience with development and implementation of a comprehensive and broad set of security controls for cloud infrastructure and DevOps.
  • Demonstrable experience of leveraging best practice and industry standards to uplift framework, process and procedure.
  • Good understanding of the overall operational processes and technology challenges within the financial services industry.
  • Understanding of the Accountabilities, Roles and Responsibilities across Technology and Cyber Security functions.
  • Ability to facilitate clear and effective communication between organisational functions and business units both locally and internationally.

Skills and Experience

  • Bachelor’s degree or equivalent in Information Technology.
  • 5+ years information security experience.
  • CISA, CISM, CISSP, ISO27001 or equivalent.
  • Technology and Cyber Governance Risk and Control Frameworks.
  • Hands-on experience in cloud security and responsibility models for different cloud architectures.
  • Knowledge of cloud security frameworks.
  • Understanding of technology reference architectures of leading cloud service providers like Azure, AWS, Google, etc.
  • Risk, Issue and Event Management.
  • Control Testing and Risk and Control Self-Assessment.
  • Technology, Cyber and Information Security Best Practices.
  • Threat and Vulnerability Detection and Management.
  • Cyber and Ransomware Incident Detection, Response and Remediation.
  • Information and Data Governance Principles.
  • Information security Risk Governance and Escalation.
  • Audit and Assurance.
  • ISO 27001 / NIST / COBIT.

Personal Requirements

  • Strong team player with the ability to communicate and collaborate with business stakeholders.
  • Clear and concise written and oral communication.
  • Excellent accuracy and very strong attention to detail.
  • Good time management and ability to prioritize.
  • Strong analytical and problem-solving skills.

#J-18808-Ljbffr

Related Jobs

View all jobs

Information Security Officer

Information Security Officer - Risk and Audit

Information Security Officer (ISO)

Information Security Officer - Marlin Selection

Regional Information Security Officer

Chief Information Security Officer

Get the latest insights and jobs direct. Sign up for our newsletter.

By subscribing you agree to our privacy policy and terms of service.

Industry Insights

Discover insightful articles, industry insights, expert tips, and curated resources.

Jobs

Common Pitfalls Cyber Security Job Seekers Face and How to Avoid Them

The cyber security industry in the UK and worldwide is experiencing rapid growth. With cyber attacks growing in sophistication and frequency, organisations are investing more resources than ever into defending their digital assets. From penetration testers and threat analysts to security architects and compliance officers, cyber security professionals are in high demand across a variety of sectors—including finance, healthcare, government, and retail. Yet, in spite of this high demand, the process of landing a cyber security role can be more challenging than many candidates anticipate. The stakes are high: prospective employers entrust cyber professionals with their most sensitive data, their compliance posture, and often their core business operations. Therefore, they’re looking for candidates who can demonstrate not just technical know-how, but also excellent communication, adaptability, and an awareness of the broader business context. In this article, we’ll explore the most common pitfalls that cyber security job seekers face, especially in the UK market, and how to avoid them. Whether you’re a recent graduate, a professional transitioning from a different field, or an experienced practitioner aiming for a senior role, these insights will help you stand out and secure the opportunities that fit your skill set and career goals.

Careers

Career Paths in Cybersecurity: From Entry-Level Roles to Leadership and Beyond

Cybersecurity has emerged as one of the most critical and fastest-growing fields in technology today. With data breaches and ransomware attacks making headlines, organisations of all sizes and in every sector are recognising the urgent need for robust cybersecurity measures. As a result, professionals with the right mix of technical and strategic skills are in high demand—offering competitive salaries, diverse career paths, and ample opportunities for progression. How do you begin a career in cybersecurity, and how can you advance from technical roles to leadership positions? In this in-depth guide, we explore the cybersecurity career ladder, outlining roles at entry, mid, and senior levels, as well as the key skills, qualifications, and experiences you’ll need to climb it. Whether you’re an aspiring cybersecurity analyst, a seasoned penetration tester, or an IT professional looking to pivot, this article will help you understand the paths available and how to chart your course towards success in the thriving UK cybersecurity market.

Jobs

Job-Hunting During Economic Uncertainty: Cyber Security Edition

The cybe rsecurity sector sits at the forefront of today’s digital landscape, defending businesses and governments alike from increasingly sophisticated threats. From incident response and network security to cloud protections and zero-trust architectures, cyber security professionals tackle an ever-evolving array of challenges. Yet, even this mission-critical field is not immune to economic turbulence. When broader financial markets experience uncertainty—whether through global recessions, regional downturns, or unexpected macro events—the hiring climate can shift, making roles more selective and budgets tighter. For job seekers in cyber security, this can be disconcerting. You might discover that once-abundant vacancies have become scarce, competition for the remaining positions is fiercer, or company priorities pivot away from large-scale expansions toward essential, cost-justified security projects. At the same time, data breaches and cyberattacks don’t pause during economic slowdowns—if anything, they may escalate as bad actors exploit organizational vulnerabilities. This paradox means that while the market feels tough, demand for cyber security expertise remains robust. In this article, we’ll look at: Why economic uncertainty affects cyber security hiring trends. Strategies for staying competitive, even if the number of open roles shrinks. Methods to highlight your skills, adapt to shifting priorities, and network effectively. Approaches for preserving mental well-being during prolonged searches or uncertain feedback loops. How www.cybersecurityjobs.tech can help you find the ideal security-focused role. By proactively sharpening your skill set, tailoring your professional profile, and engaging with a focused community, you can secure a rewarding cyber security job—even when the broader market feels volatile.

🍪 We use cookies to enhance your browsing experience on our website. By continuing to use this site, you consent to the use of cookies as described in our Cookie Policy. You can review our Cookie Policy for more information.