Head of Information Security & Risk

Job description


The purpose of this role is to lead the Information Security and Risk Division to ensure effective management and assurance of Security and IT Risk in line with the organisation’s overall risk appetite. Ensure and provide assurance that the org can identify, protect, detect, respond and recover from a changing cyber security threat landscape. Act as an Information Security thought leader and SME to the organisation and advise on specialist risk matters within the organisation.


  • Lead and coach the Information Security and Risk leadership team and create an environment where people can develop to their full capability, where the principles and behaviours of the org are lived and where collaboration and purposeful mobility can flourish in order to deliver sustainable high-performance levels within the Directorate.
  • Define, agree and lead the implementation of the strategic direction for organisational information security within the org in line with The Bank’s overall strategy, risk appetite and good practice within the sector, in consultation with the Director and the leadership team. Sponsor and lead change as appropriate to be able to achieve this strategy. Actively contribute to and influence the strategic direction of the Directorate to ensure a proactive, forward-looking approach to its contribution to the org strategic plan. Ensure that progress against the relevant elements of the Strategic Plans and Strategic Implementation Monitoring is reviewed, and that any deviations are signalled early so timely remedial action can be taken.
  • Strategically manage the various risks associated with the work of the Division to safeguard information security, e.g. oversee the division’s governance, operational and assurance activities; an organisation-wide awareness programme on information security good practice and threats; and operation of centralised information security controls and services for the organisation. Provide guidance and co-ordination for the response to high-level organisation-wide information security incidents.
  • Drive operational efficiency within the division while also leading the monitoring and protection of the Bank from outside threats. Promote and ensure adoption of up-to-date market practices and methodologies in line with appropriate security standards, e.g. ISF, NIST, SANS.
  • Actively participate in the Committee structure of the org, e.g. the Risks Management Committee/ Commission, and provide the senior leadership team with information security advice, insight, information and reports, as appropriate, to ensure all IT / information security risks are known, tracked and proactively managed; inform decision-making; and support effective representation of the org at national and Eurosystem levels.
  • Represent the org at relevant EU and international fora, to ensure the org remains aligned with and can positively influence the information security agenda at Eurosystem level, and to ensure effective representation of the org’s interests for security shared services.
  • Ensure the necessary resources, supports, infrastructure and capabilities are in place within the Division to enable the Division as a whole to deliver on its collective mandate.
  • Develop and maintain productive and collaborative relationships with linked Divisions in the org to enhance effectiveness. Manage senior level engagements with external stakeholders as required so key relationships are maintained and organisational objectives are achieved.
  • Participate actively in wider management initiatives outside the directorate to promote change and continuous improvement at an enterprise level.


  • Membership of the professional body, the Certified Information Systems Security Professional (CISSP) – ISC2 or the Information Systems Audit and Control Association (ISACA).
  • 12 years’ relevant experience, preferably in a Financial Services security environment, having responsibility for development of Information Security strategy, operational planning and monitoring, and adherence to policies.
  • At least 5 years leading and managing a team(s) of professionals at a senior level.

  • Extensive understanding/ experience of the information security sector and its practical operation.
  • Subject Matter Expertise in information security.

  • A strong technical background, having a good working knowledge of infrastructure and associated operational software, with the ability to outline, implement and monitor a security programme.
  • Strong analytical, problem solving, decision making, planning and organisational skills.
  • Proven ability to critically assess complex/ once-off issues and problems, with the ability to distil significant volumes of information and identify solutions for the root causes of issues.
  • Strong knowledge of the relevant technical, regulatory and legal frameworks.

  • A very good knowledge of other sectors as required.
  • Strong strategic thinking.

  • Strong people management, coaching and leadership skills including the ability to manage through people in multiple teams.
  • Excellent verbal and written communication, in particular the ability to relate to senior management and staff.
  • Excellent capability in managing and delivering difficult/ contentious issues with others, who may include regulated entities, including having an ability to challenge senior management on subjective issues.
  • Acting professionally, ethically and with integrity including being an exemplar for key principles and behaviours.

Following your application for this specific role, Sigmar may contact you regarding other positions that we feel you may be suitable for. If you do not wish to be contacted about other opportunities please let us know. For further information please refer to the Privacy Statement on our website.