Skills

Communication Leadership Penetration Testing Incident Response Risk Management Forensics DevOps Monitoring Attention to detail Training Effective Communication Linux Windows E-commerce Active Directory

Job Specifications

Job Description

We're now recruiting a Head of Security Operations to support the Chief Information Security Officer in managing and reporting the Information Security Risks faced by Technology Services (TS) in delivering AJ Bell’s systems and services. Key to this is maintaining the confidentiality, integrity and availability of the data that resides upon those systems. The Head of Security Operations is responsible for ensuring alignment between AJ Bell’s business goals and our ability to proactively identify and respond to security incidents, underpinned by an ability to translate cyber risk in to business risk and vice versa.

This role will be responsible for the leadership and management of the team delivering ongoing proactive cyber defence and response to security threats targeting AJ Bell systems and information. The Security Operations Team is the first point of contact for security queries, as such the role holder is expected to be a leader in developing a security first culture providing effective guidance to staff at all levels.

About the role:

Ensuring AJ Bell has the appropriate capability to detect and respond to security events and incidents.
In partnership with the 3rd party managed service provider, ensure that AJ Bell maintains 24x7 operational security coverage.
Proactively drive efficiency improvements via the use of automation and AI in security operations processes.
Own and develop AJ Bell’s incident response framework and playbooks, including undertaking regular training and testing (including table top exercises) up to and including executive level.
Develop and maintain AJ Bell’s threat intelligence capabilities to enable effective response to the evolving threat landscape, delivering and disseminating actionable intelligence to operations teams and key stakeholders.
Ensure operational processes for managing AJ Bell’s supply chain risk are effective
Own the end-to-end vulnerability management process, including penetration testing, mitigation assessment and remediation tracking.
Effectively communicate the security posture of AJ Bell with the development and delivery of regular MI and reporting, where gaps are identified work with the security engineering team to provide clear requirements for security solutions.
Manage the operational security vendor relationships, overseeing regular performance reviews and commercial management.
Manage and oversee the development of a team of security analysts responsible for maintaining BaU security operations and act as an escalation point for day-to-day security issues identified by colleagues.
Identify the future needs of the business with respect to the security operations function and develop AJ Bell’s capability accordingly.
Foster an environment of continuous improvement to grow and develop AJ Bell’s security capability by establishing repeatable, managed and measured processes.

About you:

Expert understanding and knowledge of Information Security risk management tools and techniques
Extensive experience of Information Security standards and frameworks
Awareness and understanding of the Information Security threat landscape
Knowledge of security investigations best practice including the use of Microsoft Purview and computer forensics an advantage.
Experience of utilising and monitoring Information Security solutions e.g. email / web gateways, SIEM, Endpoint protection etc.
Strong awareness of Cloud services and supporting security solutions & standards.
Good understanding of cloud native and devops practices including pipelines and associated processes
Hands on experience of managing and configuring systems including Microsoft Active Directory, Windows and Linux in an enterprise environment is highly advantageous
Hands on experience with internet proxies, end point security tools and data loss prevention systems also highly advantageous
Experience working within recognised Information Security frameworks and best practices such as ISO27001, NIST etc.
Knowledge of relevant regulatory requirements (e.g. GDPR/FCA/PRA)
Experience in an Information Security role gained in a financial services or e-commerce environment is preferred
Strong written communication skills, with ability to contribute to executive committee and Board level papers.
Self-motivated, professional, tenacious and enthusiastic
Strong ownership of tasks, attention to detail and following through to conclusion
Ability to challenge approach, strategy and implementation to ensure Information Security is consistently considered and improved
Ability to work under own initiative to plan and communicate effectively with colleagues and customers
Structured, self-starting, flexible and enjoy working in fast-paced environments
Effective communication skills, both written and verbal
Ability to plan, organise and follow through on assigned tasks and complete with little or no prompting from management
Ability to learn and develop new skills and take on new challenges
Excellent atte

About the Company

AJ Bell was formed in 1995 and is now one of the leading online investment platforms in the UK. We provide customers and advisers with wide investment choice, low-cost delivery, market leading online functionality and first class service to help them manage investment portfolios within SIPPs, ISAs and Dealing accounts. We are a fast growing and profitable company, with over 593,000 customers and PS90.4 billion of assets under administration. We are part of the FTSE 250 on the Main Market of the London Stock Exchange. Know more