Senior Manager Information Security
About the opportunity
Purpose of the Role
The Information Security function at Fidelity International is part of the Global Cyber & Information Security (GCIS) group, reporting to the Head of Global Information Security. The function includes the Information Security Office, and Information Security Management. The Information Security function works with business partners and channels to balance their strategies with reducing risk to the organisation, supporting those partners to manage data risk within the firm's risk appetite. The Information Security function acts as the business engagement point, providing a bridge between business, technology and Cybersecurity. The Information Security function takes in business requirements, but also delivers back key control requirements and supports the business in achieving the required control targets and behaviours.
The Senior Manager Information Security supports the Information Security Officer function, which acts as an interface between the work of the technology-focused analysts, engineers and administrators in the Technology organisation, and their aligned business channel. The Senior Manager Information Security must be able to translate the IT-risk requirements and constraints of the business into technical control requirements and specifications, as well as develop metrics for ongoing performance measurement and reporting. The Senior Manager Information Security will support their aligned region/business channel by taking in business requirements, but also delivering back key control requirements and supporting the business in achieving the required control targets and behaviours through Information Security scorecards. The Senior Manager Information Security will have knowledge of the Information Security regulatory requirements, be able to assist on appropriate compliance measures, and support due diligence, audit and compliance activities.
This Senior Manager Information Security role requires an individual with an ability to work with the Technology organisation and business stakeholders to align priorities and plans with key business objectives. The SMIS will also be responsible for working with business and Technology stakeholders to balance real-world risks with business drivers such as speed, agility, flexibility and performance.
The Senior Manager Information Security must be able to prioritise work efforts - balancing operational tasks with longer-term strategic security efforts. Documentation and presentation skills, analytical and critical thinking skills, and the ability to identify needs and take initiative are key requirements of the position.
The role will require close working relationships with Information Security Officers and Information Security teams in UK, Europe, India and Asia. In addition, the role will collaborate regularly with the wider technology team, risk management, business operations, oversight functions and human resources.
Key Responsibilities
- Provide Information Security support for Luxembourg and wider continental Europe business areas, supporting the Luxembourg Information Security Officer.
- Provide support to the Technology department and coordinate first line risk activities. Working with the Technology teams and the relevant oversight functions, provide risk insight and help the business to fully understand their risk profile.
- Integrate information security procedures with the organization's business processes and ensure that information security considerations are integrated with IT system planning, development / acquisition life cycle
- Support the organization-wide Information Security Management System (ISMS) in accordance with ISO/IEC 27001 Standards, thereby ensuring continuous ISO27001 accreditation.
- Run a continual service improvement programme for all security assurance activities
- Manage the Third Party Risk Assessment Program to ensure that all vendors are compliant with FIL's information security response.
- Provide a day-to-day operational service in responding to business enquiries regarding information security of company initiatives
- Maintain local information security policies and Luxembourg regulatory considerations
- Take an active role in global FIL information security projects and initiatives
- Work with the wider security team to manage exceptions to the controls, preparing any required documentation, advising management of decisions and tracking any agreed rectification plans through to completion
- Support a prioritised security programme to address key local security issues
- Provide all-hours-response to major security or recovery incidents, providing technical advice as required. Lead incident response to any information security issues.
- Responsible for compliance checking and reporting of Information Security initiative status across the region.
- Provide operational reporting including issues escalation to management as required
- Preparation of regular senior management reporting and metrics.
- Able to translate technical knowledge into business terms and present to senior leadership.
- Provide regular information security awareness training to all staff including phishing tests, classroom sessions and online courses.
About you
Experience and Qualifications Required
- Demonstrated experience in Information Security preferably within an international Financial Services firm
- Experience with common information security management frameworks, such as International Standards Organization (ISO) 27001, the IT Infrastructure Library (ITIL) and NIST
- Understanding of EU data protection, privacy and ICT Security Risk practices is desired
- Familiarity with cloud services along with associated controls, supplier due diligence, regulations, and cloud frameworks
- Wide and proven experience operating within a risk management role within the Financial Services industry, preferably in the context of Technology or Information / Cyber Security in the asset management industry.
- Knowledge of operating systems, databases, networking devices, applications controls and related concepts such as cloud and DevOps.
- The ability to build strong relationships at all levels and across all business units and organizations, and understand business imperatives.
- A strong understanding of the business impact of security tools, technologies and policies.
- Capability to work with minimal supervision.
- Excellent verbal, written and interpersonal communication skills, including the ability to communicate effectively with the IT organization, project and application development teams, management and business personnel
- Experience working with legal, audit and compliance staff.
- Experience developing and maintaining policies, procedures, standards and guidelines.
- Proficiency in performing risk, business impact, control assessments, and in defining treatment strategies.
- Flexible and enthusiastic approach
- Related graduate degree
- Certified ISO 27001 lead implementer or auditor
- Professional qualifications such as CISSP, CISA, CRISC, CISM etc. are an advantage
- English (spoken / written, will be the working language)
- Plus French, German or other European languages an advantage.
About Fidelity International
Fidelity International offers investment solutions and services and retirement expertise to more than 2.5 million customers globally. As a privately held, purpose-driven company with a 50-year heritage, we think generationally and invest for the long term. Operating in more than 25 countries and with $739.9 billion in total assets, our clients range from central banks, sovereign wealth funds, large corporates, financial institutions, insurers and wealth managers, to private individuals.
Our Workplace & Personal Financial Health business provides individuals, advisers and employers with access to world-class investment choices, third-party solutions, administration services and pension guidance. Together with our Investment Solutions & Services business, we invest $567 billion on behalf of our clients. By combining our asset management expertise with our solutions for workplace and personal investing, we work together to build better financial futures.
Our clients come from all walks of life and so do we. We are proud of our inclusive culture and encourage applications from the widest mix of talent, whatever your age, gender, ethnicity, sexual orientation, gender identity, social background and more.
As a flexible employer, we trust our people to perform their role in the way that works best for them, our clients and our business. We are a disability-friendly company and would welcome a conversation with you if you feel you might benefit from any reasonable adjustments to perform to the best of your ability during the recruitment process and beyond. Data as at 31 March 2021. Read more at https://www.fidelityinternational.com/
Applying to this Job Role: Please note you are only required to upload your CV/Resume to the application screen.