Information Security Officer
Fexco Technology Solutions are seeking an experienced Information Security Officer, to manage the information security activities across the Fexco Group. The successful candidate will have responsibility for information security and will also act in an advisory role across all functions with respect to best practice data governance, IT and Cyber risk security. Fexco Technology Solutions delivers a broad range of IT services to the overall Fexco Group. These services include project management, software development and the overarching responsibility for the IT Infrastructure & Security. Main Responsibilities. Operate and maintain an ISO27001 Information Security Management System. Maintain and keep current the IT risk register, including providing regular risk reporting for group committees. Assess emerging and new external threats and provide guidance for any required mitigations. Maintain and update information security policies and procedures. Support in the rollout and embedding of those policies and procedures. Drive security awareness campaigns for all users including phishing exercises. Support all business units in deployments of new technologies; assess information security and data protection risks, which may include assisting in preparation of DPIAs and vendor risk assessments, security design workshops, and solution evaluation. Liaise with various teams within Fexco Technology Solutions and the wider Fexco Group, providing guidance on information and IT security matters. Review and sign off on appropriateness of security controls. Maintain and update security reference architecture to ensure adequate security controls are deployed and operating effectively. Operate a SIEM and other monitoring tools for security monitoring purposes. Liaise with internal, external and client audit teams to support security audits providing evidence of security controls and their effectiveness as required. Participate or lead information security incident responses where required. Organise and deliver information security programmes of work, in conjunction with Project Management and engineering support teams. Assist business areas with the management of cyber and security related issues where 3rdparty outsourcing arrangements are in place in line with emerging best practices in this area. Qualifications / Experienced Required. 5+ years’ experience in Information Security or related discipline - preferably in financial industry. Experience in managing an ISO27001 information security management system. Technical expertise, with an ability to understand networking and application security concepts and practices. Solid understanding of systems architecture; cloud technologies; software development lifecycles; infrastructure, including in the areas of desktop/server/network device hardening; encryption & firewalls. Experience in operating in a regulated environment is preferred. Knowledge of DevSecOps and ability to liaise with software development teams. Experience in information security incident response. CISM, CISSP, CISA or similar industry qualification preferred. Experience in supporting external security audits. Experience in operating in a PCI DSS environment is preferred. Available to travel if required. Competencies Required. The successful candidate is likely to be: Good communication and interpersonal skills; proven team player, comfortable and capable of professionally communicating and negotiating - both verbally and in writing - with a wide range of customers. Self-motivated and able to demonstrate strong organisational skills. Must be able to work underpressure and autonomously; successfully managing a diverse workload. Fexco is proud to support and promote a diverse and inclusive workplace.
11 days ago