An exciting opportunity has arisen for a Head of Information Security within Cabot. This is a permanent role, with travel to Kings Hill, London, and within Europe required.
Job Purpose
To act as the primary Information Security business partner in the UK and Europe for all Cabot security activities. The role involves prioritizing activities to ensure the effectiveness of Information Security and Cybersecurity controls, working with risk and control owners to evaluate control design, effectiveness, and standards. Key focus areas include compliance, operational performance, and enterprise information and cyber risk. The individual must balance these elements while aligning with the Global InfoSec strategy and objectives. The Head of Information Security will also plan for new requirements and work with business leaders to meet the goals of Encore and Cabot securely and compliantly.
Key Accountabilities & Responsibilities
* Member of the Encore InfoSec leadership team, supporting Cabot Group
* Responsible for the security service quality provided to Business Units from internal, shared, and external resources
* Manage executive reporting and strategic decision-making/communications
* Support BU leaders with specific InfoSec responsibilities, including UK FCA SMCR and Ireland CBI SEAR compliance, through effective risk management and issue escalation
* Ensure timely resolution of risk events, audit, risk, and compliance actions
* Deliver regulatory responsibilities, including completing required training and documentation for Fitness and Propriety activities
* Manage and develop direct and matrixed team members, inspiring excellence and supporting daily responsibilities
* Maintain awareness of emerging cybersecurity insurance requirements and prioritize related maturity activities
* Support ongoing programs aligning with ISO 27001, SOC2, PCI, SOX404, GDPR, CCPA, and other regional requirements
* Track progress against enterprise security strategy and goals
* Collaborate with CISO, IT Risk, Compliance, and the InfoSec Program Office to develop governance and compliance strategies
* Advise and educate stakeholders on InfoSec trends and technologies
* Coordinate security risk metrics and measurements across Business Units
* Oversee internal and customer security assessments to ensure policy and control compliance
* Collaborate with IT and business teams to ensure security controls are effective and functioning as intended
* Support the CISO in consolidating and harmonizing security policies, standards, processes, and tools
Person Specification
* 12+ years in Information Security, preferably in leadership roles with executive and board reporting experience
* 10+ years' experience in security policy frameworks such as ISO, NIST, COSO, COBIT, PCI, FFIEC, SOX, SSAE16, and others
* At least 7 years in IT audit, risk management, and compliance within Information Security
* Ability to translate technical risk into business risk and communicate impacts effectively
* Strong analytical, technical, and assessment skills
* Excellent organizational and documentation skills
* Strong project management skills highly desired
* Proven ability to manage priorities and work independently in a dynamic environment
* Strong business acumen to balance value and risk
* Excellent communication skills for technical and non-technical audiences, including executives
* Ability to develop and document policies, standards, and guidelines
* Professional security or compliance certifications such as CISSP, CISM, or CISA are required, or must be achievable