Business Information Security Officer

**Overview**

The role requires passion, vision and drive and will act as a respected senior advisor across the organization, guiding internal and external customers on information security best practices, cyber security, security risk assessment, threat modelling, and vulnerability remediation within a hybrid Cloud and On Premise IT environment.
- Strengthen Link Group’s Information Security defence and response capabilities paying close attention to business unit specific requirements.
- Lead cultural change and provide guidance on best practise security control adoption.
- Evaluate, architect, implement, and support security tools and services for Link Group rapidly emerging Cloud based hosting model and help execute the global Information Security strategy / Centre of Excellence
- Ensure security controls designed and implemented as part of the agreed group strategy are commensurate with the threats/risks

This role will be part of a multi-discipline team to ensure the security services are delivered to the agreed service levels.

**Key Accountabilities and main responsibilities**
- Act as the interface between each of the Business unit and information security from both a delivery and operational perspective. Including BCMGlobal and LFS until the divestment and TSA agreements cease
- Build a consistent trusted relationship with the senior leadership of each business unit in relation to information security.
- Support the development of Security strategies for each business unit.
- Provide expert advice to business leaders to ensure information security risks are understood and mitigated where possible.
- Raise the information security program's profile within the business units, with specific focus on their individual needs.
- Increase delivery, consistence and visibility of information security services within each business unit.
- Work with each business unit technical directors to define information security for technology roadmaps.
- Act as the information security teams interface to clients, via the current CRM network.
- Manage risks associated with information security that affect each business unit and or clients.
- Support the CISO in the development of the overall information security strategy and roadmap.
- Provide information security advice and input in relation to pre-sales activities.
- Represent Information Security at the Business Risk Committees and IT Risk Committee meetings.
- Act as the Interface between the Info Sec GRC team and the business units on their control design and control effectiveness as well as special projects from a strategy alignment perspective.
- Partner with IT teams and operational personnel across all Link Group business units and the wider global Link Group teams to understand business and technical security requirements, develop supporting security principles and objectives and implement appropriate changes to processes and technology to support effective business growth.
- Work in active partnership with IT development, DevOps and infrastructure teams to provide leadership and security design guidance.
- Ensure that each business unit and technology Director is aware of and complies with all relevant regulation within the various jurisdictions it operates in.
- Help develop communications and actively promote related campaigns for information security awareness across Link Group.
- Ability to evaluate security requirements within the context of a fast paced environment in order to define pragmatic solutions.

**Experience & Personal Attributes**
- Thorough understanding of information security operations and governance concepts and current best practices, techniques, processes, and technologies
- Hands-on experience working with control frameworks (e.g. COBIT, NIST, ISO27001), technologies including Intrusion Detection, Anti-virus/anti-malware, Database Activity Monitoring, Data Loss Prevention, Penetration Testing, Firewalls & Security Log management tools
- Ability to examine complex security event data and identify key issues, trends, and patterns
- A good knowledge of security best practice controls and control frameworks
- Ability to evaluate security requirements within the context of a fast-paced environment to define pragmatic solutions
- Ability to work in high pressure situations, and follow processes and procedures with accuracy and attention to detail
- Minimum 5+ years’ experience in security operations, IT governance or similar role
- Well-developed communication skills, including a level of written communication and reporting skills necessary to describe complex issues and actions clearly and concisely
- Experience with ISO27001
- Experience with IT Security and Risk Assessments
- Experience managing a team of security specialists
- Bachelor’s Degree in Computer Science, Management, Mathematics, or Engineering
- Exposure to a large financial services organization and an understanding of the risks of such an environment
- Extensive exper