Technology Controls Lead
The Technology Controls Lead, reporting to the Information Security Manager, will play a critical role in leading the development of Sanne Group’s technology control architecture, overseeing the design and operational effectiveness of risk-mitigating procedures across the Group.
The successful candidate can be based in London, Dublin, Jersey or Madrid with flexible working available.
Sanne Group has recently undergone a significant restructure of its Information Security capability, formalising a new function that maintains Group responsibility for Information Security, including Security Operations, Identity & (Privileged) Access Management, Information Risk Management and Control Architecture.
The primary role of the Technology Controls Lead is to support the Information Security Manager in the development of the Group’s technology control architecture and risk management activities, including:
- Developing and managing the Group’s technology control architecture framework;
- Working with control owners across the Group to create Key Procedural Control Objectives (KPCOs) and design-effective security controls;
- Supporting control owners in delivering operationally effective security controls;
- Assisting the development and implementation of the Continuous Controls Monitoring (CCM) programme;
- Creating definitive metrics for the design and operational effectiveness of security controls;
- Leading and coordinating control gap remediation efforts;
- Serving as the lead authority on security controls for information risk management activities;
- Coordinating controls reporting to support responses for DDQs, Audits and Regulatory Obligations;
- Providing Information Security and Risk subject matter expertise and guidance to the Group and Clients.
Skills / experience:
- Detailed knowledge of core practices in Information Security, Risk and Controls with experience in technology risk and control programmes;
- Experience of working in end-user roles, preferably in financial services;
- Understanding of risk and controls principles;
- Experience with industry control frameworks, such as: NIST SP 800-53, ISO 27002 & CIS Controls;
- Detailed knowledge of technical security safeguards;
- Excellent command of the English language, both written and verbal;
- Strong analytical and people skills;
- Ability to deliver multiple concurrent tactical initiatives whilst maintaining a strategic outlook;
- Open-minded, creative, pragmatic and detail-orientated.
The above description reflects the details considered necessary to describe the principal functions of the job and should not be construed as a detailed description of all the work requirements that may be performed in the job.