Chief Information Security Officer

Chief Information and Security Officer (CISO)

Location:

Scope of role:

The Chief Information Security Officer (CISO) is responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected.

The CISO will oversee a comprehensive cybersecurity strategy, manage risk, ensure compliance with regulations, foster a culture of security awareness across the organization and act as a primary point of contact with our customers.

Essential skills:

• Experience of operating within a regulatory environment such as banking and finance
• Familiarity with cloud security, DevSecOps, and emerging technologies.
• Professional communication skills at C-level.
• Ability to influence and drive change across a complex organization.

Description and responsibilities:

• Strategic Leadership
• Develop and execute a company-wide information security strategy aligned with business objectives.
• Advise executive leadership on security risks and mitigation strategies.
• Lead the security governance framework and ensure alignment with industry standards (e.g., NIST, ISO 27001, SOC 2, PCI-DSS).

Risk Management & Compliance

• Identify, assess, and manage cybersecurity risks across the organization.
• Ensure compliance with relevant laws, regulations, and standards (e.g., GDPR, DORA, CPS230).
• Oversee internal and external audits related to information security.
• Security Operations
• Lead incident response and crisis management for security breaches.
• Oversee threat detection, vulnerability management, and security monitoring.
• Oversee security technologies including firewalls, intrusion detection systems, intrusion prevention systems and endpoint protection specific to customer-facing operations.
• Manage customer communications / engagement with regards to information security
• Ensure contractual commitments to customers are met e.g. DORA regulatory commitments

Awareness & Training

• Promote a security-first mindset across all levels of the organization.
• Foster secure coding practices in collaboration with the CTO

Desirable Skills:

• Secure coding practices.
• Static and Dynamic Code scanning.
• OWASP.
• CREST Certification / CREST Accreditation.
• Cloud Security Alliance best practices.
• Cloud Computing Compliance Criteria Catalogue (C5).
• Understand global markets and cultural differences.
• Working in a distributed environment.
• Threat and vulnerability management.
• Penetration testing.

Experience, training and qualification :

• Bachelor’s degree in computer science, Information Security, or related field.
• 10+ years of experience in information security, with at least 5 years in a leadership role.
• Professional certifications such as CISSP, CISM, CISA, or equivalent.
• Deep understanding of cybersecurity frameworks, risk management, and regulatory compliance.
• Proven experience in incident response, security architecture, and governance. Strong leadership, communication, and strategic thinking skills.

Note:

This Job Description is not an exhaustive list of tasks performed but does represent the major duties and responsibilities encompassed in the job. It does not prevent the job holder from being allocated any other duties of a broadly similar nature to those described. Should these other duties become a permanent and major part of the job, they will be included in a revised specification.