Information Security Manager
On site
London, United Kingdom
Freelance
24-03-2025
Job Specifications
About Us
BACB is a UK bank that offers trade finance and investment expertise to clients in specialist markets, especially Africa and the Middle East
We have been helping businesses with trade finance and complementary products for over half a century, focusing on trade flows to and from Africa and the Middle East as well as real estate in the UK.
Our in-depth knowledge of the countries and practices where our clients operate ensures that we put them first.
Additional Info
Hybrid Working: 3 days onsite, 2 from home
Location: City of London
Contract Type: Fixed Term Contract
Contract Length: 12 months
Job Summary
Reporting to the Head of Operational Risk and working closely with the Head of Information Security, the role will support in managing the Bank’s Second line of Defence (2LOD) for cyber security, assuring compliance with the Bank's Information Security Policies and Standards and overseeing the effective implementation of security controls through engagement with the Bank’s cyber security operations team (1LOD).
Key Work Outputs and Accountabilities
Supporting the management of the Bank’s Cyber Security function maintaining compliance with our NIST based cyber security framework.
Responsible to Head of Operational Risk for Information Security RCSA framework, in particular regulatory compliance, and tolerated risk exposure.
Act as Cyber Security expert within the Second Line of Defence (2LOD), providing advice and guidance to 1LOD on best practice cyber security and to business driven change activity.
Working with the Bank’s Enterprise Architect to ensure solutions are delivered in accordance with BACB’s IT Security policies and Standards
Ensure the Bank can effectively respond and recover from Cyber Security Incidents.
Working with the Head of Information Security on ways to defend the Bank from current cyber threat landscape, identifying emergent threats and recommending innovative controls and mitigations.
Work together with the 1LOD and provide evidence that IT Security operations are within risk tolerances (e.g., Evergreen IT, Patching, Vulnerability scanning and Pen Testing) (supported by a 2nd member of the 2LOD team)
Oversee compliance with the Bank’s cyber security standards and policies liaising with CIO (1LOD) where responsibility spans Lines of Defence.
Maintain security performance metrics/ KPIs, recommending improvements where appropriate.
Effective use of specialist tools and logging to review the Bank’s cyber status and perform requested “deep dives” as necessary as well as define automated alerting mechanisms, ensuring that these alerts can be assessed and investigates independently by 1LOD and 2LOD.
Engaging with the CIO and the Head of Information Security to ensure that sufficient/ effective cyber defences are implemented, giving the Bank value for money for any procured Cyber Security solutions, including Cyber Risk Insurance.
Responsibility for the effective bank-wide cyber security training and awareness.
Required Qualifications and Experience
Educated to degree level (or equivalent), possessing at least one security accreditation (e.g., CISM or CISSP)
Good working knowledge of cyber security standards (i.e. NIST, ISO 27001, Cyber Essentials, GDPR).
Previous experience in the practical use and management of products such as Defender, Darktrace and Mimecast
IT security management knowledge, skills, and experience.
Familiarity of firewall rulesets and the requirements for effective cyber defence.
Familiar with the Microsoft stack from Desktop products to server products to Azure
Working in Financial Services or another regulated market, such as aviation or energy.
Managing the delivery of an organization-wide information security related strategy
Knowledgeable in common Data Leakage reasons and effective prevention.
Working with on premise, public and/or hybrid cloud environments
Conducting security-based investigations, the management of such inquiries and liaison with external BACB engaged investigation parties.
About the Company
BACB is an international wholesale bank. We provide tailored trade solutions to clients, with a focus on facilitating trade to and from specialist markets in Africa and the Middle East. Established in 1972, BACB is a UK-registered public limited company. We are authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and Prudential Regulation Authority. We are based in multicultural London, banking capital of the world, which provides our clients with the assurance of dealing with... Know more
Related Jobs
- Company Name
- Harrington Starr
- Job Title
- Head of Cyber Security
- Job Description
- Head of IT Security – Investment Management £££ Competitive Day Rate | Contract with Perm Option Central London | Hybrid Working Strategic & hands-on cyber security leadership Azure, network & endpoint security, SDLC, regulatory frameworks Contract role with long-term view to go permanent You’ll be joining a globally recognised investment management firm as Head of IT Security, taking ownership of their end-to-end cyber security programme. This is a high-impact role where you’ll shape strategy, manage incidents, lead a small global team, and work closely with senior leadership to protect infrastructure, cloud, and application environments across the business. The Role: Own and execute the firm’s global cyber security strategy Lead and grow a small, globally distributed security team Oversee security operations, threat detection, and incident response Ensure compliance with ISO 27001, NIST, GDPR and DORA Work with tech teams to embed secure software development practices (SDLC) Build and report on security KPIs and risk posture to the board Manage vendor relationships and run audits, pen tests & tabletop exercises Promote strong cyber awareness and culture across the firm What You Need: Proven experience in a Head of IT Security / InfoSec role Strong track record across cloud security (Azure), network & endpoint protection, risk & compliance Solid grasp of governance frameworks: ISO 27001, NIST, GDPR, DORA Excellent communication and board-level reporting skills Hands-on where needed, while maintaining a strategic mindset Apply now or drop a note to Barry.Ansell@HarringtonStarr.com for a faster review.
- Company Name
- Dorset Council UK
- Job Title
- ICT Infrastructure and Security Architect Manager (Up to Two-year Fixed Term Contract) - Dorset & W
- Job Description
- As an ICT Infrastructure and Security Architect Manager in our ICT department you will: Inform the ICT roadmap through designing and implementing the architecture to support and assure the service infrastructure across all departments both operational and corporate. Ensure that all systems are working at optimal levels and support the development of new technologies and system requirements. Manage the maintenance of the infrastructure, ensuring availability to ITIL standards, that ensures the ICT Infrastructure is fit-for-purpose. Undertake prioritisation and planning of work including defining solutions, developing project plans, procurement, service implementation, technical documentation and evaluation, to ensure the delivery of ICT projects in line with the roadmap What makes you our ideal ICT Infrastructure and Security Architect Manager? Knowledge and practical experience of managing and maintaining complex ICT network and infrastructures Knowledge and experience of managing the lifecycle of solution changes: from scoping/design, business case and procurement, through to implementation including documentation and hand over to business as usual. Experience of providing advice, guidance and recommendations to non-ICT experts for future needs, when working through complex ICT matters For full details of the role and requirements, please have a look at the job description and person specification. Other Information You must have a full current driving licence and be able to fulfil the significant travel requirements of the role. Use of your own vehicle will be required; however, a Service vehicle may be available. Please note Service vehicles are manual transmission only. The role involves some evening and weekend working. If you are applying for a secondment opportunity you will need to notify your substantive line manager of your intention to do so at the earliest opportunity. A Standard Disclosure & Barring Service Check (DBS) clearance will be undertaken on the successful individual prior to offer of employment. Any offer of employment will be subject to full pre-employment checks which include identity checks, right to work in the UK, medical, negative drug test and receipt of satisfactory references, and an explanation of any gaps in employment in the last 3 years. Should a permanent position arise in the team during the period of your Fixed Term Contract, that is substantially similar to the role you are carrying out, you may be considered for the role in the first instance. Please click here for information relating to raising tax awareness and pension considerations when applying for a job.
- Company Name
- Advanced Resource Managers
- Job Title
- Security Business Data Analyst
- Job Description
- Security Business Data Analyst Hybrid – 3 days onsite - Glasgow 6-Month Contract – Inside IR35 – up to £550 per day Energy Sector The role is responsible for the definition, creation, maintenance, reporting, and continual improvement of all business processes involved in supporting IT assets that are in scope for NIS systems. The role supports the IT Security Manager (Infrastructure) in the definition and delivery of any Digital Transformation TPOC business initiatives associated with securing NIS Infrastructure assets across Network, Server, DB, and Client systems. Key Responsibilities: Provides business process design input to the DT TPOC function to ensure that security considerations are embedded by default in all NIS Assets. Provide expert input to the DT TPOC Infrastructure Security strategy based on a comprehensive assessment of current infrastructure security posture against NIS compliance target position. Assess emerging business risks associated with infrastructure tools and services and support strategies for delivering and enhancing required security controls. Support the delivery of a set of business standards to be adopted by DT and work proactively to enable their adoption. Conduct investigations into defining the operating models of all security tools (~60 tools) and their associated procedures. Definition of control objectives and operational effectiveness for each tool and associated processes. Definition of workflows to BPMN standards. Investigate technical implementation of the security tool/process and which ISO control and IGP is impacted. Conduct risk assessments against NIS assets based upon control effectiveness. Define improvements to business processes and create new processes where gaps are identified. Create and maintain NIS Security Posture Dashboards based on control testing data.
- Company Name
- Ampstek
- Job Title
- Cyber security Tester
- Job Description
- SIEM Project Tester-Birmingham (Hybrid) Functional Testing: · Perform functional testing for new and existing features, ensuring they meet business requirements and specifications. · Develop and execute test plans, test cases, and test scripts for the SIEM solution. · Verify that all system components (data ingestion, correlation, alerting, reporting, etc.) function as expected. · Identify, report, and track defects and issues, ensuring they are resolved. · Collaborate with developers, product managers, and other stakeholders to ensure the correct implementation of requirements. · Test interactive features, visualizations, and data representations within dashboards. · Conduct regression testing to ensure that new features do not negatively impact existing functionality. · Hands-on experience with Elasticsearch, Kibana, and related technologies. Non-Functional Testing: · Conduct performance testing to evaluate system scalability, reliability, and response times. · Perform security testing to identify and mitigate vulnerabilities. · Execute load and stress tests to determine system limits and improve robustness. · Validate compliance with industry standards and security best practices. · Monitor and analyze system performance using relevant tools and metrics. Additional Responsibilities: · Document test results and provide clear, actionable feedback to the development team. · Contribute to the continuous improvement of testing processes and methodologies. · Stay up-to-date with the latest trends and advancements in SIEM and Elastic Search technologies. · Assist with the automation of testing processes where applicable. Collaboration: · Work closely with developers, DevOps, and product teams to ensure the system meets both functional and non-functional requirements. · Actively participate in sprint planning, grooming sessions, and retrospective meetings to provide QA input and identify potential risks. Tools: · Experience with CI/CD tools such as Jenkins, GitLab CI, Travis CI, etc. · Proficiency with version control tools like Git. · Familiarity with Agile methodologies and tools (e.g., JIRA, Confluence). Qualifications: · Bachelor’s degree in Computer Science, Information Technology, or a related field. · Proven experience in testing SIEM solutions, particularly those based on Elasticsearch. · Strong understanding of functional and non-functional testing methodologies. · Proficiency in testing tools and frameworks such as TestNG, JMeter, Selenium, RestAssured, or others. · Knowledge of using Postman for API testing, including creating collections, writing test scripts, and validating API responses for both functional and performance aspects. · Experience with security testing tools and techniques. · Excellent analytical, problem-solving, and communication skills. · Ability to work collaboratively in a team environment and manage multiple tasks effectively. · Understanding of Helm for managing Kubernetes deployments and configurations. --