Magnet.me - The smart network where hbo and wo students find their job or internship.

This vacancy has expired. You can therefore no longer like it or apply.

IT Security Governance Manager

Posted 24 Mar 2024
Work experience: 4 to 6 years
Full-time / part-time: Full-time
Role
Type of education
Language requirement: English (Fluent)

Role purpose

Reporting into the Head of IT Security, this role will encompass defending Travelex against Cyber threats. This has a dependency on optimising our technology to be based on sound Cyber security principles for us to accurately manage and defend against any such attack placed upon the organisation.

Cyber Security is seen as a key strategic pillar within the organisation. As the methods attackers use evolve, Travelex recognises the requirement to remain dynamic in its defence against such threats. The Information Security Governance Manager will help identify and operationalize records information management (RIM) initiatives and standards that need to be applied to the operating environment. Key functional areas of the role include initiatives governing Travelex’s client and administrative data / information in accordance with ethical, legal, and contractual requirements. The successful candidate will have broad infosec and governance knowledge, covering security monitoring, up-to-date knowledge of the threat landscape, ISO, GDPR, Cyber Essentials, Risk, Compliance and Governance.

Key accountabilities

Relationship management

  • Develops and maintains robust relationships with key business stakeholders to ensure assurance analysis is visible and in line with agreed customer expectations.
  • Ensures the smooth integration of new assurance standards.
  • Raise awareness and profile of Cyber across the business at all levels.

Management information

  • Writes and speaks fluently on all aspects of work and communicates effectively with all levels of management.
  • Produces accurate, timely and relevant MI for the Head of Security Operations, CISO and the team as required.

Communication

  • Writes and speaks fluently on all aspects of work and communicates effectively with all levels of management.
  • Responsible for pro-active and regular communication with other areas of IT and the business in relation to Assurance analysis.
  • Actively communicate and seek feedback from colleagues and customers.
  • Play a participative part in Team Briefs.
  • Be proactive in the provision of feedback and the delivery of ideas to develop and improve the Assurance service.
  • Ensure feedback to line manager outlining general activities of role and ‘how we are doing’.

General

  • Undertakes any necessary training associated with the duties of the post and participates in training and development procedures.
  • Complies with all Company Health and Safety policies and legislation in the performance of their duties and responsibilities.
  • Maintains confidentiality and observes data protection guidelines.
  • Carries out any other reasonable duties commensurate with their capability.

Essential

Specific

  • Support business leaders in client-facing engagements and act as an IT Ambassador in records and information management initiatives.
  • Help develop, maintain, evaluate, and implement policies and procedures in line with both business requirements and national and international legislative changes.
  • Help ensure IT's services are well aligned with records and information management guidelines.
  • Participate in internal and external client audits as it relates to IT governance and compliance.
  • In partnership with Business Services, ensure services are properly positioned within client RFP responses, as well as aligning responses at a global level.
  • Oversee internal and external client audits as it relates to IT security and compliance.
  • Assist with third-party IT vulnerability assessments.
  • Work with IT personnel to ensure awareness and alignment of ongoing client, industry, and best practice compliance obligations.
  • Align services to support RIM requirements and standards, globally as applicable.

Data Governance & Compliance

Ensure that the following activities occur in accordance with Travelex approved information governance policies, including:

  • Administer document classification audits and coordinate remediation activities
  • Help develop guidance, processes, and tools / controls to ensure data is structured and secured appropriately
  • Help ensure data integrity of core client data across systems

Data Privacy

Help ensure appropriate controls are in place to enforce confidentiality, privacy, and security obligations for protected information, including:

  • Help advise legal teams on how to manage protected information
  • Manage access entitlement reviews of sensitive information.
  • Help identify and contain risk relating to information management, and foster a compliance culture
  • Provide practical recommendations and solutions to complex and/or technical issues
  • Coordinate the development and maintenance of supporting procedures and processes
  • Serve as liaison to, and foster good working relationships with, Legal, aiding with information governance issues
  • Assist with responding to information requests from partners and other internal and external parties
  • Respond proactively to both business and project issues and escalate appropriately

Technical Skills

  • Extensive information security experience across broad security domains.
  • Experience in security monitoring, detection, prevention, and control systems.
  • Ability to stay current with intrusion detection systems, hacker techniques, phishing schemes, emerging logical security threats, and compromised server techniques.
  • Knowledge and experience of industry standards such as ISO 27001, Cyber Essentials, Cyber Essentials Plus and SOC 2
  • Solid understanding of data handling best-practices and information management and governance
  • Knowledge of cross-border regulations, such as GDPR and EU data privacy rules, a plus
  • Experience in RIM, privacy and cyber governance, risk and compliance frameworks and controls
  • Understand legal and regulatory RIM requirements across sectors
  • Develop privacy guidelines & architectures and assist with implementation of roadmaps that include consideration of traditionally problematic areas such as governance, consent management, privacy-by-design and pragmatic approaches to records retention and deletion
  • Perform security maturity assessments, RIM assessments and design and implementation reviews
  • Proven ability to identify and assess complex risks and understand the mechanisms (people, process, technology) available to manage those risks
  • Knowledge of the core concepts underlying privacy - consent, fair processing, legal basis for processing, anonymization/pseudonymisation, privacy-by-design
  • Help obtain and maintain existing and future accreditations in accordance with applicable regulations, client-requirements, and industry best-practices
  • Experience working with technical people responsible for implementing security technology
  • Broad understanding of technology and legal applications preferred
  • Experience working with technical people responsible for implementing RIM technology
  • Ability to dig into details as well as analyse data from a high-level view
  • Understand compliance, legal and ethical obligations organisations should have with respect to logical and physical security, personally identifiable information, and data protection

Desirable

  • Strong verbal and written English communication. Ability to communicate effectively at all levels and to influence key stakeholders.
  • Professional approach with a confident assertive style and strong interpersonal and presentation skills
  • Ability to build & maintain strong relationships with peers and colleagues.
  • High level of quality focus.
  • A “Can Do” attitude
  • Financial Services industry experience.
  • Familiarity with ITIL concepts such as incident, problem and change management
  • Certification such as CISSP, CISM, CISMP, GCIH, CEH, CCNA Security, Security+, CHFI, etc.
  • Awareness of IT Security Compliance (PCI DSS, Data Protection Act, Sarbanes Oxley, ISO17799, etc)
  • Bachelor’s in computer science/IT/Electronics Engineering, M.C.A. or equivalent University degree
  • Minimum of 4-6 years of experience in the IT security industry.

What’s in it for you?

We believe our colleagues are our key differentiator. We aim to create a safe and dynamic environment where all colleagues can thrive, feel supported and engaged, and reach their full potential.

  • Company pension scheme
  • Holiday – 25 days plus bank holidays! We are keen to reward loyalty, so the longer you work with us, the more holidays you get
  • Employee discount platform with Everyday Rewards by Bupa
  • Employee assistance programme

Headquartered in London, Travelex has a rich heritage in foreign currency, pioneering the travellers’ cheques of the past and the digital payments of the future.

Finance & Banking
London
1,600 employees