Head of Information Security

West Malling - 1 Kings Hill, United Kingdom

Midland Credit Management, Inc.


An exciting opportunity has arisen for a Head of Information Security within Cabot. This is a permanent role, with travel to Kings Hill, London and within Europe required.

Job Purpose

To act as the primary Information Security business partner in the UK and Europe for all Cabot security organizational activities, and to prioritize activities to ensure the ongoing effectiveness of Information Security and Cybersecurity controls, working with risk and control owners to evaluate control design, effectiveness, and standards. The primary areas of focus include ongoing compliance and regulatory activities, operational performance, and enterprise information and cyber risk. This position requires an individual who can effectively balance the elements of each of these activities while keeping the overall program on track and in alignment with the Global InfoSec strategy and objectives. The Head of Information Security will not only be forward-looking, ensuring new requirements are planned, but will also work with leaders across the business to ensure the goals of Encore and Cabot are met securely and in compliance with all rules and regulations that may apply.


Key Accountabilities & Responsibilities

  • Member of Encore InfoSec leadership team, acting in support of Cabot Group
  • Accountable for the overall security service received by the Business Unit(s) from internal resources, shared services and external partners.
  • Responsible for executive committee reporting and strategic decision-making/communications.
  • Support Cabot BU leaders who have specific InfoSec responsibilities (including under UK FCA Senior Manager & Certification Regime (SMCR) and Ireland CBI Senior Executive Accountability Regime (SEAR)) with delivery of their accountabilities by undertaking effective risk management, as defined by the company policy, and escalating issues to enable sound and prudent management of the firm, including:
  • Timely resolution of Risk Events, Internal Audit, Risk and Compliance Monitoring actions.
  • Demonstrable delivery of regulatory responsibilities, including the completion of assigned learning and timely and accurate completion of documentation associated with on-going Fitness and Propriety (F&P) activity.
  • Manage team members that are direct reports as well as those that are matrixed, helping develop people in their careers and inspiring them to deliver excellence, supporting day-to-day InfoSec responsibilities.
  • Maintain awareness of emerging cybersecurity insurance requirements and prioritize related capability maturity activities within the business.
  • Support ongoing program capability that aligns with and supports ISO 27001, SOC2, PCI, SOX404, GDPR, CCPA, and other UK, EU, US, India, and Costa Rica requirements.
  • Manage and track progress against enterprise Information Security strategy and program goals.
  • Work closely with the CISO, IT Risk and Compliance team and InfoSec Program Office to develop and implement strategies for governance and compliance related to corporate-wide security initiatives, operations, and engineering.
  • Advise and educate key stakeholders, executives, and business partners on InfoSec trends and technologies.
  • Collaborate with the Enterprise Risk team and other specialists including Privacy and Compliance to help optimize the Information Risk management related standards, tools and processes.
  • Coordinate security risk measurements, key indicators, and established metrics across BUs.
  • Provide oversight and guidance for periodic internal and customer security assessments to ensure compliance with information security policies and established security controls.
  • Ensure continual collaboration between InfoSec and cross-functional IT and wider business teams to ensure security controls have been designed effectively and are working as intended.
  • Support the CISO with consolidation and harmonisation of security policies, standards, processes and tools.

Person specification:

  • 12+ years' experience with Information Security, preferably in a leadership role with executive and board reporting responsibilities
  • Must have 10+ years' experience across common industry security policy areas, including, but not limited to, ISO, NIST, COSO, COBIT, PCI, FFIEC, SOX, SSAE16, and others
  • Minimum 7+ years of experience in Information Security with an emphasis on IT audit, IT risk management, and/or IT compliance
  • Ability to translate technical risk and vulnerability data into business risk, and effectively communicate potential impacts to the business
  • Excellent analytical, technical and internal assessment skills
  • Excellent organizational and documentation skills
  • Strong project management skills are highly desired
  • Proven ability to manage priorities & deadlines and to work independently in a highly dynamic and diverse environment with multiple concurrent work streams
  • Strong business sense with an ability to balance "business value" vs "security risk"
  • Good communication skills with an ability to build strong narratives to highlight the importance of security to employees internally and customers/shareholders externally, including both technical and non-technical audiences
  • Ability to engage and effectively communicate with Executive Management, Legal, Risk, 3rd-party, and IT teams.
  • Ability to develop and document policies, standards, and guidelines.
  • Excellent oral and written communication skills.
  • Professional certification in information security or compliance (for example, CISSP, CISM, or CISA) required or achievable

Category: Leadership Jobs

Tags: Audits CCPA CISA CISM CISO CISSP COBIT Compliance FFIEC GDPR Governance ISO 27001 Monitoring NIST Privacy Risk management Security assessment Security strategy SOC 2 SOX Strategy

Perks/benefits: Team events

Region: Europe
Country: United Kingdom
