Information Security Manager

Job description

Role summary:

The Information Security Manager, reporting to the Group Head of Information Security, will play a critical role in reducing the loss exposure of Sanne Group’s information assets and influencing the security posture of the business.

The successful candidate can be based in London, Dublin, Jersey or Madrid with flexible working available. 

Key responsibilities:

Sanne Group has recently undergone a significant restructure of its Information Security capability, formalising a new function that maintains Group responsibility for Information Security, including Security Operations, Identity & (Privileged) Access Management, Information Risk Management and Control Architecture.

The primary role of the Information Security Manager is to support the Group Head of Information Security in delivering on the ambitious security objectives for Sanne Group alongside managing operational initiatives across the Information Security spectrum, including:

  • Protecting the Confidentiality, Integrity and Availability of Sanne Group’s information assets;
  • Developing enterprise security standards, frameworks and methodologies;
  • Managing the function’s Quantitative Information Risk Management capability, including scoping, analysing, modelling and reporting;
  • Conducting ROI analysis on information security initiatives;
  • Overseeing Sanne Group’s Identity & Privileged Access Management programme;
  • Managing Sanne Group’s technology control architecture, including designing technology operational and security controls, and measuring their operational effectiveness;
  • Coordinating the engagement and responses for DDQs, Audits and Regulatory Obligations;
  • Delivering thought leadership to automate and improve security across the Group;
  • Providing Information Security subject matter expertise and guidance to the Group and Clients.



  • A breadth and depth of Information Security knowledge with experience managing global Information Security programmes and Risk Management practices;
  • Experience of working in an end-user role, preferably in financial services;
  • Understanding of the internal & external threat landscape, threat events, asset valuation, control and vulnerability measurement, and loss estimation;
  • Experience with industry frameworks such as COBIT 2019, NIST SP 800-53, ISO 27001/2 & ISO 31000;
  • Detailed knowledge of technical security safeguards;
  • Excellent command of the English language, both written and verbal;
  • Strong project management, analytical and people skills;
  • Ability to deliver multiple concurrent tactical initiatives whilst maintaining a strategic outlook;
  • Open-minded, creative, pragmatic and detail-orientated, with the ability to lead and influence a team.

The above description reflects the details considered necessary to describe the principal functions of the job and should not be construed as a detailed description of all the work requirements that may be performed in the job.