Chief Information Security Officer
G-Research is Europe’s leading quantitative finance research firm. We hire the brightest minds in the world to tackle some of the biggest questions in finance. We pair this expertise with machine learning, big data, and some of the most advanced technology available to predict movements in financial markets.
The newly created Chief Information Security Officer (CISO) role is pivotal to the continued maturity of G-Research’s three lines of defence (3LoD) approach to risk management. The role will report into the Head of Enterprise Business Services, and will involve being a key contributor to our security strategy, taking responsibility for ensuring the delivery of this strategy within the first line of defence.
The CISO will be responsible for a number of security teams including the Cyber Security Incident Response Team (CSIRT), Security Advisory, Security Operations and the Security Assessment Team (PenTesting and Control Assessment). In addition to this, the CISO will ensure our security strategy is coordinated across the first line, including our Engineering functions. They will be the point person for security leadership in the first line and work closely with all levels of management to ensure effective communication, coordination and execution of the security plans. The CISO will be part of our Extended Leadership Team.
As our CISO, you will have a significant and influential security steer across the business, being accountable for leading our first line security strategy (ensuring alignment to our business goals), security and protection of assets, establishing enhanced information protection frameworks, mitigating critical security risks, strengthening defences and improving the detection of and response to malicious activities.
Key responsibilities of the role include:
- Overseeing our Security Advisory, Security Operations, Security Assessment (Vulnerability Management, Penetration and Control Testing) and Cyber Incident Response (CSIRT) functions
- Responsible for ensuring our security strategy is clear, well-communicated and executed across the first line
- Collaborate with the wider business on developing security goals, defining metrics and ensuring our Information Security roadmap supports our business goals
- Ensure systems, processes, policies, and tools are aligned with our information security mandate and overall security strategy
- Accountable for preventing cyber-attacks and leakage of sensitive information
- Accountable for effective response to security incidents
- Partner with business leaders to facilitate company-wide security risk assessments and risk management processes
- Continuously and proactively monitor current and emerging cybersecurity threats, trends, vulnerabilities, regulatory changes, etc. and work with the relevant internal teams to determine how this may impact our overall business operations
- Implement a process for continuous IT security monitoring and incident management to effectively identify, respond to, contain and communicate a suspected or confirmed incident
- Successfully monitoring of security metrics and reporting KPIs to business leaders
Who are we looking for?
The ideal candidate will have the following skills and experience:
- 10+ years of hands-on experience in Information Security, which includes at least 5 years of recent experience in a senior management position
- Demonstrable experience leading technical security teams, developing a security function and representing security at senior management levels
- Demonstrable experience with identifying and implementing IT Security solutions for current-state needs and also providing scalability for growing environments
- A strategic thinker with a builder mentality with a strong hands-on approach, capable of designing, building, and operating security programs in a fast-paced environment
- Ability to communicate complex cybersecurity and data privacy topics in non-technical, easy to understand terms to audiences at all levels of the organisation (junior employees to executive management)
- Passion for technology, with demonstrated ability to uncover root causes of complex technical problems and provide guidance and assistance on solving them
- BSc/MSc in Computer Science, Information Systems, Information Security or similar
- Certifications such as CISSP, CISA, CISM, SABSA CRISC, and/or GIAC are preferable but not expected
- Capable of thriving in rapidly evolving environments, with the ability to proactively identify opportunities in ambiguity
- Strong bias for action and self-motivated, with the ability to effectively prioritise tasks to address the broader needs of the business
- Experience of securing complex multi-tenant platforms
- Knowledge of SIEM log aggregation & correlation products (ex: Splunk, Sentinel, etc) a plus
- Experience with Intrusion and Penetration Testing Toolkits such as Kali Linux
- Experience with modern PaaS/SaaS-based IAM and SSO providers and protocols preferred (ex: AzureAD, Okta, Duo, SAML, etc.)
- Experience with Managed Detection and Response (MDR) platforms and forensic threat hunting
- Excellent experience with cybersecurity frameworks, such as SANS/NIST, ISO 27000, CIS
- Excellent analytical, evaluative, and problem-solving abilities
Why should you apply?
- Highly competitive compensation plus annual discretionary bonus
- Informal dress code and excellent work/life balance
- Comprehensive healthcare and life assurance
- 25 days holiday
- 9% company pension contributions
- Cycle-to-work scheme
- Subsidised gym membership
- Monthly company events
- Central London office close to 5 stations and 6 tube lines