Information Security Manager

AnaVation LLC

United Kingdom

On-site

GBP 60,000 - 80,000

Full time

30+ days ago

Job summary

Join a dynamic fintech company at the forefront of digital banking! As an Information Security Manager, you'll play a crucial role in shaping cybersecurity practices and ensuring data compliance across teams. This position offers a unique opportunity to work with cutting-edge technology and collaborate with diverse departments to build a robust information security framework. If you're passionate about cybersecurity and ready to make an impact in a fast-paced environment, this role is perfect for you. Be part of a team that values innovation, collaboration, and excellence in the exciting world of fintech!

Qualifications

  • Experience in defining and implementing information security strategies.
  • Strong knowledge of GDPR and Data Protection Act.
  • Ability to manage multiple tasks with attention to detail.

Responsibilities

  • Develop and implement information security policies and controls.
  • Collaborate with various teams to enhance data compliance.
  • Oversee penetration testing and vulnerability management.

Skills

Information Security Management
Cybersecurity
Data Compliance
Interpersonal Skills
Attention to Detail
Cloud Services
Communication Skills
Problem Solving
Team Collaboration
Risk Management

Education

Degree in Computer Science or IT
CISSP, CRISC or CISM qualification

Tools

AWS
Microsoft Cloud Ecosystem
GRC Tooling
IDS/IPS
Vulnerability Testing Tools

Job description

Who We Are

BB2 Digital and Technology Services Ltd (t/a Nomo Fintech) is a cloud-based business-to-business Fintech company which owns the digital platform that powers the digital retail banking services of Bank of London and The Middle East plc (“BLME”), branded Nomo (available on iOS and Android), and provides various other services to BLME.

Nomo Fintech is currently in scale-up mode to support international digital banking across the GCC, and it’s an incredibly exciting time to join the business with great ambition and an effective combination of talent, culture, and world-class technology.

Role Description

This role will work with teams across multiple departments including Cloud Services, Cybersecurity, Information Technology and our Risk & Data Protection functions. The Information Security Manager will help define and shape our cyber and data/information security practices moving forwards through the development and implementation of appropriate Policy, Procedure, and Controls aligned to industry standard frameworks and applicable regulatory requirements.

The role holder will report to the Head of Cloud Services.

Responsibilities

Fulfilment of the role will involve:

  1. Cross functional working typically with, but not limited to, Cloud Services, Head of Cyber Security and the Cyber Security Team, Service Delivery, Engineering, Data Services, Data Protection Officer, and Operational Risk to build on an existing data compliance and information security program.
  2. Assist with implementation of information security frameworks: CSA CCM (STAR), SOC 2 Type 2.
  3. Review information security events and incidents in line with BB2 Policy/Procedures and industry best practice.
  4. Participate in the preparation for, and management and execution of, regulatory agency and collaborator/audit inspections.
  5. Provide support and advice to stakeholders by facilitating the escalation of any data compliance issues through the appropriate routes.
  6. Ensuring a process for the proper control of IT assets, including correct licensing, with a view to the automation of these controls.
  7. Keeping abreast of cybersecurity developments, industry standard updates, and applicable regulatory requirements with a view to understanding their impact on IT requirements and controls.
  8. Ensure audit trails, system logs, and other monitoring data sources are reviewed periodically and are in compliance with policies and audit requirements.
  9. Review the feasibility of automating ingestion into GRC tooling.
  10. The development of metrics to measure/assess the quality of audit trail review/actions and their ingestion into Continuous Control Monitoring tooling.
  11. Design security testing schedules and oversee penetration testing & vulnerability management practice.
  12. Provide information security awareness training to identified personnel.
  13. Identify information security risk and define remediation plans.

Skills & Experience

  1. Ability to work in a team and on your own.
  2. The ability to evaluate complex situations and find appropriate/pragmatic solutions in a professional manner.
  3. Strong interpersonal and organisational skills, with the ability to successfully work both independently and effectively within a team.
  4. Strong influencing skills, executing as appropriate in the areas of responsibility.
  5. High degree of attention to detail.
  6. Collaborative, as you will be working across teams, departments, locations and legal entities.
  7. Excellent communication skills, including the ability to explain technology solutions to a non-technology internal client base.
  8. The ability to manage multiple/varied tasks and prioritise workload with attention to detail.
  9. Open, helpful and transparent with the ability to quickly establish credibility and build rapport and trust.
  10. IT experience, with a number of those gained within an information security role.
  11. Experience of working as an IT Security Manager/Information Security Manager having previously defined and implemented security strategy/processes.
  12. Experience of Data Compliance, IT support, cyber security, and service level agreements, etc.
  13. A working knowledge of the Data Protection Act (1998) and General Data Protection Regulations (GDPR).
  14. Strong working knowledge of SOC 2 controls including security, confidentiality, availability and data privacy.
  15. A proven ability to engage constructively with colleagues at all levels across different departments to deliver objectives.

Beneficial

  1. A working knowledge of Security Architecture and potential security issues related to PaaS, IaaS, SaaS and understanding of IAM, and Data Loss Prevention in a cloud environment.
  2. Knowledge of technologies such as IDS/IPS, vulnerability testing and firewalls; experience working in, or knowledge of DIFC, and other Middle Eastern territories and associated regulations.
  3. Experience with AWS and/or Microsoft cloud ecosystem.

Qualifications (Desirable)

  1. A degree in Computer Science, IT, Systems Engineering or a related qualification.
  2. CISSP, CRISC or CISM qualification is desirable and preferred.