The Head of Information Security is a pivotal leadership position responsible for safeguarding CRS information assets through strategic planning, risk management, and compliance with legal and regulatory standards. This role involves developing and implementing robust security policies and procedures, leading incident response efforts, and fostering a culture of security awareness across the organisation.
The successful candidate will possess strong leadership skills, extensive experience in information security management, and the ability to collaborate effectively with stakeholders to integrate security into business processes.
This position reports directly to the Director of Technology and plays a critical role in shaping the organisation's security strategy and ensuring its resilience against emerging threats.
Roles and Responsibilities
Ownership of InfoSec Strategy & Team Leadership:
• Develop and implement the organisation's information security strategy.
• Lead and mentor the InfoSec team to achieve strategic objectives.
• Foster a culture of security excellence and continuous improvement.
Ownership of InfoSec Governance, Risk & Compliance:
• Ensure compliance with relevant legal and regulatory requirements.
• Conduct regular risk assessments and audits to identify vulnerabilities.
• Establish and maintain security governance frameworks.
Ownership of InfoSec Policy & Standards:
• Develop, implement, and enforce security policies and standards.
• Ensure policies are aligned with industry best practices and organisational goals.
• Regularly review and update policies to address emerging threats.
Ownership of InfoSec Training & Awareness:
• Design and deliver security training programmes for employees.
• Promote a culture of security awareness throughout the organisation.
• Evaluate the effectiveness of training initiatives and make improvements.
Ownership of Incident Response:
• Lead the organisation's incident response efforts, including investigation and resolution.
• Develop and maintain an incident response plan.
• Coordinate with internal and external stakeholders during incidents.
Ownership of Supplier & Product Assurance Processes:
• Manage security assessments of suppliers and products.
• Ensure third-party compliance with organisational security standards.
• Collaborate with procurement and vendor management teams.
Ownership of External Security Reviews:
• Plan and conduct external security reviews and audits.
• Address findings and implement corrective actions.
• Ensure continuous improvement of security practices.
Management & Oversight of InfoSec/Security Operations:
• Oversee Security Operations Centre (SOC) monitoring and applicable security tooling.
• Manage relevant security services and ensure operational efficiency.
• Implement measures to enhance security operations.
Lead on InfoSec Collaboration & Communications:
• Facilitate collaboration between InfoSec and other departments.
• Communicate security risks and strategies to stakeholders.
• Promote transparency and information sharing across the organisation.
Lead Role in Supporting IT Change & Design Board Reviews and Approvals:
• Participate in IT change and design board reviews.
• Provide security guidance and approvals for IT projects.
• Ensure security considerations are integrated into IT change processes.
Person specification
• Ability to develop and implement long-term security strategies aligned with organisational goals.
• Excellent communication skills to articulate security risks and strategies to diverse audiences, and foster collaboration across departments.
• Strong analytical skills to assess security data, identify trends, and develop actionable insights.
• Commitment to maintaining high ethical standards and integrity in all security practices.
• Ability to inspire and motivate teams with a clear vision for the future of information security within the organisation.
• A proactive approach to identifying potential security threats and opportunities for improvement, rather than merely reacting to incidents.
• Ability to build strong relationships across all levels of the organisation, facilitating collaboration and trust.
• Capacity to remain calm and focused under pressure, especially during security incidents or crises.
• Willingness to explore and implement innovative security solutions and practices to stay ahead of emerging threats.
• Keen attention to detail to ensure thoroughness in risk assessments, policy development, and incident investigations.
• Skill in negotiating and influencing stakeholders to gain support for security initiatives and policies.
• Dedication to ongoing professional development and staying updated with the latest trends and advancements in information security.
• A strong sense of ethics and integrity, ensuring that security practices align with the organisation's values and legal requirements.
• Awareness and understanding of cultural differences that may impact security practices and communication within a global organisation.
Technical Skills
• Professional certifications such as CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), or equivalent are highly desirable.
• Extensive experience in information security management, including leadership roles within a similar capacity.
• Proven experience in leading and mentoring a team, fostering a collaborative and high-performance culture.
• Strong skills in conducting risk assessments, identifying vulnerabilities, and implementing mitigation strategies.
• Expertise in developing, implementing, enforcing, and updating security policies and standards to maintain robust security practices.
• Experience in leading incident management efforts, including investigation, resolution, and coordination with stakeholders.
• In-depth knowledge of security technologies, tools, and operations, including SOC monitoring and security tooling.
• Familiarity with the legal, regulatory, and standards requirements relevant to information security (e.g., GDPR, ISO 27001).
• Competent in managing multiple security projects simultaneously, ensuring they are completed on time and within budget.
• Skilled in supporting and guiding organisational change initiatives, ensuring security considerations are integrated into IT projects.