Head of Information Security, Risk and Compliance

London, England, United Kingdom

Applications have closed

Callsign

Marking a new era in passive authentication, fraud prevention and intelligence. We make digital identity simple and more secure.


Founded in 2012, Callsign's mission has been to make digital identity simple and secure for everyone and everything. In that time, we have grown to over 200 employees, opened offices in Singapore and Abu Dhabi, been recognised as a WEF Global Innovator, and seen our technology adopted by many of the world's leading financial institutions to keep millions of consumers safe. But we aren't stopping here. The identity revolution has only just begun, and we are looking to hire the brightest and most inquisitive minds to help us make every web, mobile and physical interaction seamless and secure. If this sounds like you, let's chat.

We are looking for an experienced and ambitious Head of Information Security, Risk and Compliance to join our highly regarded Security Risk team at Callsign. In this role you will be responsible for driving the development and excellence of Callsign's Information Security and Data Privacy Risk programs. You will work as part of a team of like-minded individuals with a can-do attitude to change the world.

The successful candidate will deliver the objectives within Callsign's Information Security strategy and further enhance a security program that identifies and addresses information security and privacy risks and security requirements. The right candidate will manage the process of gathering, analysing and assessing current and future information security and privacy threats to Callsign. They will also track information security best practices as they develop and keep Callsign's program aligned with them.

Callsign is a fast-moving environment, and you will work with senior leaders and managers across Callsign to drive the information security agenda and ensure that it meets compliance requirements. The role holder will also play a key role in evaluating the current information security breach management processes and in ensuring that Callsign can meet its mandatory data breach notification obligations should the need arise.

Responsibilities:

  • Work with senior managers to develop and enhance Callsign’s existing information security programs and ongoing security projects that address information security risks and compliance requirements.
  • Manage the process of gathering, analysing and assessing the current and future threat landscape, as well as providing senior managers with a realistic overview of risks and threats in the enterprise environment.
  • Lead the preparation and oversee the delivery of information security audits including ISO 27001, SOC 2 and client audits.
  • Assist the Commercial teams to manage presales security due diligence and Client management efforts.
  • Monitor and report on compliance with security policies, as well as the enforcement of policies across the company.
  • Evaluate and update new & existing policies and procedures to ensure operating efficiency and regulatory compliance.
  • Support the Data Privacy team to implement the data privacy and compliance framework to ensure that Callsign can meet regulatory requirements and deliver compliance with data subject rights.
  • Recommend and coordinate the implementation of technical controls to support and enforce defined security policies.
  • Oversee development of Callsign’s three lines of defence.
  • Assist the Head of Third Party Risk to build and maintain the Third Party Risk Management Program.
  • Work with the Head of Business Resilience to ensure Callsign meets its obligations for Business Continuity and Disaster Recovery Planning.
  • Develop a strong working relationship with key stakeholders across the business to develop and implement controls and configurations aligned with security policies and legal, regulatory and audit requirements.
  • Stay informed of regulatory changes including cyber security developments and their impact on IT requirements, including relevant data privacy requirements.
  • Develop and improve key metrics and OKRs for reporting to executive management and the Board.

Requirements

  • 5+ years' relevant experience in an information security, governance, compliance and risk management role.
  • Excellent knowledge and understanding of information risk concepts and principles as a means of relating business needs to security protocols.
  • Excellent understanding of information security concepts, protocols, industry best practices and strategies.
  • Good understanding of security testing of systems and technology (vulnerability scanning and penetration testing).
  • Good understanding of IT and information environment, preferably in security, compliance/audit or infrastructure.
  • Deep understanding of information security standards including ISO 27001, BS 10012, Cyber Essentials and NIST.
  • ISO 27001 Lead Auditor certification desirable.

Your Approach

You will be able to:

  • Present a clear and concise view of Callsign's information risk posture, with the ability to articulate results to top management.
  • Work collaboratively with business leads to take ownership of risks and drive down risk scores to tolerable levels.
  • Take full ownership of key "in development" risk frameworks for information, third party and data privacy risk, and drive them to high degrees of maturity.
  • Advise Callsign's security committee, data governance groups and top management on matters relating to information risk.
  • Apply your deep knowledge in a technology setting.
  • Demonstrate exceptional and effective communication skills through a range of methods and media to reduce complex ideas to simple terms and express these both to non-technical and highly technical audiences.
  • Consult effectively and where appropriate drive for consensus, influence and persuade others to take a specific course of action even when there is no direct line of command or control.
  • Work effectively and authoritatively with senior managers and colleagues across the company.
  • Analyse and solve complex issues, innovating to resolve problems and thinking strategically.
  • Draw on extensive experience of planning, prioritising and organising your own work and that of others, delivering tangible, high-quality outcomes.

Benefits

Competitive


Tags: Audits Compliance Governance ISO 27001 NIST OKR Pentesting Privacy Risk management Security strategy SOC SOC 2 Strategy

Region: Europe
Country: United Kingdom
