Opportunity Details

Posted: 13/05/2019

Chief Information Security Officer (CISO)

United Kingdom, London Bishopsgate
Schedule Type: Full Time
Job Family: Corporate Functions
The Role

As Shawbrook continues to grow, we are looking for a Chief Information Security Officer to join our team based in London. You will guide the IT & Information security strategy and implementation, whilst protecting the business from security threats and cyber-attacks. Security operational compliance with all appropriate standards (e.g. ISO27001) and applicable regulations (e.g. PRA, FCA, ICO, etc.) is the responsibility of the CISO. This is a senior role and will commonly involve instructing a team and taking a seat on various organisational forums and committees.


Key responsibilities include the following:

  • Creating and implementing the strategies and the deployment of Information and IT security technologies, policies, standards and procedures
  • Overseeing the management of the Information Security department, giving guidance to the team and developing staff
  • Devising and constantly updating strategies as appropriate to maintain security posture within business risk appetite, leveraging adequate resources encompassing people, process and technology.
  • Managing the IT security budget and communicating this with the appropriate parties
  • Developing strategies to handle security incidents and trigger investigations, overseeing investigations of reported security breaches
  • Complying with the latest regulations and compliance requirements
  • Ensuring that security-related disaster recovery and business continuity plans are in place and tested
  • Communicating best practices and risks to all parts of the business
  • Maintaining an up-to-date understanding of the threat landscape for the industry the business operates in
  • Reviewing and approving security policies, controls and cyber incident response planning
  • Setting the strategy and overseeing delivery of comprehensive reporting
  • Establishing and maintaining the enterprise vision, strategy, and programmes to ensure information assets and technologies are adequately protected
The Person

Suitable candidates will have the following experience:          


  • Degree in an IT related discipline desirable
  • CISSP, CISM or CISA Certification needed
  • Cloud Security certification e.g. CCSP desirable
  • Project Management, e.g. PRINCE2 desirable



  • Professional experience in Information Security
  • Previous experience of leading and developing information security teams
  • Experience working in a financial services / regulated environment
  • Industry and regulatory awareness across multiple jurisdictions
  • Understanding of systems and their interactions, limitations and security risks.
  • Generation of business cases to back projects
  • Experience working within a medium sized technology department (100+)



  • Data Security
  • Malware Protection
  • Network Security
  • Cloud Security
  • Endpoint Security
  • Identity & Access Management
  • Security Monitoring
  • Vulnerability Management
  • Incident Response
  • Hands-on experience in several of the above domains with good operational knowledge of the rest
  • Knowledge of developing multi-layered defensive controls aligned to organisational threat profile
  • Ability to develop strategies and plans to treat identified risks and remediate audit findings



  • Ability to prioritise work to meet SLAs with the organisation
  • Plan and coordinate the use of resources and facilities
  • Adaptability – Adapting to changes in technology and threats quickly
  • Excellent negotiating and influencing skills
  • Well-developed leadership skills combined with entrepreneurial spirit
  • Excellent problem solving and decision-making skills
  • Excellent communication skills both written and verbal
  • Ability to work as part of a team
  • High work ethic, energy and personal commitment to success
  • Accuracy & attention to detail
  • Establishes effective working relationships at all levels
  • Customer-attentive approach and willing to champion the business
  • Good awareness of own strengths, weaknesses, and future aspirations
  • Presents a professional, business-like and credible image

This role is an SB1 within Shawbrook’s internal banding structure