Title: Head of Information Security
Reference No.: 2145.2
Company: Financial Services
Location: Mauritius
Reports to: COO
Package worth: £150,000
The Role
Over the years the Bank has implemented numerous initiatives as part of its Digital Strategy and, among others, has developed a modern, high-performing Information System. In a continuously evolving environment where the pace of delivery is a strong competitive advantage, the Bank continues to invest and innovate to deliver new products and functionalities and a world-class customer experience.
Main job purpose
Partners with stakeholders at all levels of the organization to develop, implement, and execute an organization-wide Information Security strategy that makes the best use of employee capabilities, achieves the organization's strategic objectives, and delivers competitive advantage.
The Head of Information Security is a high-level executive responsible for the development, implementation, and management of the organization's information security and cybersecurity strategy. The role holder plays a critical role in safeguarding sensitive data, ensuring regulatory compliance, and mitigating cyber threats.
Key responsibilities:
1. Information Security Strategy:
• Develop and communicate the organization's information security strategy, vision, and goals to executive leadership and stakeholders.
• Align information security initiatives with business objectives.
2. Cybersecurity Operations:
• Oversee day-to-day cybersecurity operations, including incident response, threat detection and vulnerability management.
• Monitor and analyze security alerts, breaches, and incidents, and take appropriate action to mitigate the resulting risks.
3. Works with Risk Management:
• Identify, assess, and prioritize information security risks and vulnerabilities.
• Develop and implement risk management strategies and controls to protect critical assets.
4. Security Governance and Compliance:
• Establish and maintain information security policies, standards, and procedures.
• Ensure compliance with industry regulations (e.g., GDPR, HIPAA) and data protection laws.
• Liaise with regulatory bodies and auditors as necessary.
5. Security Architecture and Technology:
• Evaluate, recommend, and implement security technologies, tools, and solutions to protect the organization's IT infrastructure and data.
• Collaborate with IT teams to integrate security measures into technology projects.
6. Incident Response and Recovery:
• Develop and maintain an incident response plan and procedures.
• Lead incident response efforts in the event of a security breach or cyber attack.
7. Project Management:
• Together with Technology and Risk, manage projects related to cybersecurity and data security infrastructure.
• Programme management of the FFIEC cybersecurity maturity assessment.
8. Vendor and Third-Party Risk Management:
• Assess and manage security risks associated with third-party vendors and suppliers.
• Manage, or participate in the management of, specialized vendors: SOC, Red Team, forensic service provider, and legal / crisis service providers.
• Review and negotiate security clauses in vendor contracts.
9. Security Metrics and Reporting:
• Define and track key security performance metrics and key performance indicators (KPIs).
• Provide regular reports on the organization's security posture to executive leadership and the board.
10. Budget Management:
• Develop and manage the information security budget, allocating resources effectively to support security initiatives.
Qualifications:
• Knowledge of common information security management frameworks, such as ISO/IEC 27001 and the NIST Cybersecurity Framework.
• Industry certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or equivalent.
Education:
• Bachelor's degree in information security, cybersecurity, computer science, or a related field. A master's degree (e.g., MS in Information Security or MBA) may be preferred.
Experience:
• At least 12 years of experience across a combination of risk management, information security and IT roles.
• Extensive experience in information security, with proven track record.
• Deep knowledge of cybersecurity principles, technologies, and best practices.
• Familiarity with relevant regulatory and compliance frameworks.
• Strong leadership, communication, and interpersonal skills.
• Crisis management and incident response experience.
• Ability to work collaboratively with cross-functional teams.
Specialized Skills:
• Excellent written and verbal communication skills and a high level of personal integrity.
• Innovative thinking and leadership, with the ability to lead and motivate cross-functional, interdisciplinary teams.
• Expertise in IT and cyber security.
Supervision:
• Leads a team of 15 people.