Head of Information Security

IT Internet and Technology

Gibraltar

This role is no longer available, but if you wish to send us your CV for other similar roles, please do so at apply@recruitgibraltar.com

RecruitGibraltar are currently recruiting for a Head of Information Security to join a leading name in the Online Gaming Sector with an excellent reputation in its field of expertise. They are a forward-thinking company and seek employees who have the same drive and motivation in their chosen career. Their desire to retain their market-leading position means that all aspects of their business model are managed with a view to being the best and providing an outstanding working environment for their staff in all their locations.

The successful candidate will be primarily responsible for protecting the confidentiality, integrity and availability of the firm’s client and employee data (information). The scope of this includes protecting and/or defending against the unauthorised access, use, disclosure, disruption, modification or destruction of company data (information). The ISO will be responsible for the management, operation and continual monitoring and improvement of information security management practices that contribute to this objective. You will be charged with implementing and managing systems support and continuous improvement frameworks using a combination of Agile and ITIL best practices. This role is for a senior technologist with a deep understanding of modern engineering methods, highly developed people and communication skills, business acumen and a passion for mentoring teams.

Responsibilities

• The creation and maintenance of the firm’s Information Security Strategy - As part of continual management activities the ISO will be responsible for confirming a valid ISM Strategy is in place. Consideration will be given to existing risks, landscaped risks and threats, regulatory requirements, current and future business operations, and the firm’s business strategy. The ISM Strategy will be reconfirmed annually or following recent (significant) business change.
• The ISM function is comprised of the below core Operating Lines:

o Governance
o Risk Management
o Advisory – Strategic and Technical
o Management
o Operations
o Training & Awareness
o Business Continuity Management
o Supplier Assurances

• Governance - Creation of Policies & Standards. Ensure appropriate Governance is in place to support the firm’s strategic objectives (and in order to maintain accreditation and/or certification). Develop, maintain and communicate all Governance documentation. Establish documentation to form part of the firm’s Corporate Governance and establish an ISM Framework. Maintain and manage all steering groups / committees used for ISM purposes.

• Risk Management - Maintain all policies, standards and processes related to identifying, assessing, managing and monitoring risks and/or threats to the firm’s data including Third Party assessments. This includes maintaining a risk methodology, risk register, and monitoring risk controls / treatment plans in place. Assume overall accountability for communicating risks to the relevant Committees.

• Advisory - Provide guidance and advice to all areas of the business on matters of ISM as required. This includes (but is not exclusive to) matters such as technical, business process, regulatory and/or general considerations. Advise and support projects and initiatives and support ISM assurances throughout the wider business.

• Management - Ensure continual monitoring of ISM activities; the majority of which are specific to operational activities. The ISM function is accountable to the CTO/COO on all matters of Management, as well as ensuring that all decisions at Executive Committee level are adequately informed by Management outputs. Day to day management of staff or outsourced providers as required.

• Operations – Manage, oversee and provide assurance of active ISM monitoring controls in place at the firm. The scope of this will include network monitoring, vulnerability management, endpoint monitoring, data loss prevention, auditing, and logging. The ISO will be responsible for ensuring that monitoring operations remain aligned to protecting the firm’s data, and mitigating the risks / threats posed.

• Training & Awareness – Lead, develop and manage the ISM training and awareness programme for the firm. Training and awareness activities will be the primary driver for embedding ISM within the culture of the business, reinforcing ISM strategic objectives, policy and standard requirements, as well as supporting adherence to information security management standards.

• Business Continuity Planning and Disaster Recovery (BCP/DR) - Review the firm’s existing recovery strategy and, where necessary, define and develop it to completion. Understand the Business Impact Analysis (BIA) recovery and tolerance thresholds and validate the BCP/DR plan as necessary to support the firm’s operations and regulatory requirements. Utilise the output of the BIA and further develop roles and responsibilities, processes and procedures for recovering the firm should it be impacted by a major incident or period of disruption. The scope of plans as part of this activity will include department-based Business Continuity plans, Incident Management plans and ICT / Disaster Recovery plans.

• Supplier Assurances – Establish and maintain management controls for the firm’s supply chain. This will be specific to the firm’s data that is shared, transmitted and/or stored by business partners / suppliers. The scope of this includes assessing suppliers, assessing the associated information security risks, establishing contractual controls and conducting supplier audits.

• Assess Technical/Security Debt inherent in Technology Infrastructure and Software and organise backlogs into a transparent tracking process.


Essential

• Comprehensive appreciation of the security requirements of PCI DSS (A-EP)
• Experience of attaining Cyber Essentials (minimum) under ISO 27001
• Experience in Financial Services or high-end Gaming in the capacity of Technology Security Management.
• Experience and full appreciation of the linkages between regulation, systems and controls and audit.
• Self-organising with good time management and estimation skills.
• Proven track record managing complex programs.
• Understanding SDLC.
• Strong customer stakeholder experience.
• Compelling management and presentation skills.
• Experience of working in modern Agile & Cloud-based organisations.
• Successful delivery track record in challenging, complex and dynamic environments.
• Expertise in performance and capacity problem solving
• Experience in Fintech is highly desirable

Salary based on experience with bonus & benefits package.



©2018. Finding you the perfect job in Gibraltar.