Associate Director, Information Security

  • Competitive
  • London, England, United Kingdom
  • Permanent, Full time
  • IHS Markit
  • 14 Aug 2018

Position title
Associate Director, Information Security


Department overview:
The Information Security Team is responsible for providing guidance and leadership to IHS Markit in all areas related to Information Security. This includes providing guidance and support to the software development, infrastructure and wider business teams within IHS Markit. As a key senior hire within the team, it is anticipated that this person will assist in growing the breadth and depth of the Information Security service offering within IHS Markit.
The Information Security team manages this responsibility by defining policy and monitoring compliance with it, managing defined 'Business as Usual' processes, conducting regular audits and reviews, and undertaking project work.

Position summary
The candidate, reporting to Head of Production Assurance, will:

  • Have a broad range of IT and security experience, gained through working in the financial services/banking sector.
  • Be a strong communicator, with an ability to promote information security at all levels of management, and engage with business teams at the design/concept stages to ensure Information Security requirements are adopted early on.
  • Have a solid technical background with a reasonably in-depth understanding of AWS and Azure security, encryption, cloud entitlement solutions etc.
  • Have practical hands-on experience of performing digital transformations from on-prem to cloud, with security layers incorporated.
  • Ideally have exposure to a variety of cloud security monitoring and alerting software.
  • Be able to manage their own IT projects for the deployment of Information Security systems/tools and the ongoing programme of work to on-board business groups to utilise these tools for maximum ROI.
  • Be able to produce management reporting to illustrate the maturity of information security policies and controls through the use of metrics, and work with the organisation to continuously improve based on the trends within the reports.
  • Be based in our London office.
Duties & accountabilities
  • Security Operations duties and responsibilities:
    • Participate in and/or lead the definition, management and ongoing review of Information Security Policies, with a view to aligning these to ISO 27001, where applicable to IHS Markit
    • Partner with our Risk, Compliance, HR and Legal teams on matters relating to Information Security
    • As a senior member of the Information Security Team, assist, as needed, with Internal Audit, Client Q&A, SSAE16/SOC2 and other audits pertaining to information security
    • Manage projects to deploy Information Security systems to help control/audit and enforce the Information Security Policies
    • Help manage and minimise the impact and risk of Security Incidents and Vulnerabilities to our products and company as a whole.

Business competencies
Education and experience
  • Bachelor's degree in Information Technology or in a related field, or the equivalent combination of education, training and/or experience.
  • Experience of working as a security consultant with hands-on operations experience, within the finance sector and/or a large consultancy.
  • Technical security skills and experience are a must.
  • CISSP / GIAC / CEH v9 certified or similar certification.
  • Working knowledge of SSAE16/SOC2/ISO27001 and experience of similar audit/compliance standards. Consistent track record of delivery to excellent standards.
  • Working knowledge of international security standards.
  • Solid cloud services deployment experience, preferably AWS and Azure.
  • Experience of security incident management.
  • Experience of managing completed source code review and penetration testing programs, including managing the remediation process.
  • Knowledge of operating systems (Microsoft / Linux).
  • Working knowledge of IT security best practices and configurations as used in desktop, server, and network configurations.
  • Experience of monitoring security threats, analysing vulnerability assessments, and balancing security with business rules/needs.
  • Experience of working with other IT professionals to resolve fast-moving vulnerabilities such as spam, virus, spyware and internet filtering.
  • Experience of defining and enforcing internet and application use policies.
  • Experience of documenting status reports, plans, policies, procedures and presentations.
  • Development/programming experience (preferably Java), and database and application security.
  • Experience of working in security-related IT projects using project management and software tools.
  • Experience of ticketing systems (Issue Tracking)
  • Ability and willingness to work extended hours or modified schedule for planned or emergency work. Ability and willingness to travel to and work at various Company locations if required.

Commercial awareness
  • The successful candidate would be expected to have a good understanding of the Compliance, Information Security and Audit environment in which our Financial Services clients operate.
  • The successful candidate must be familiar with business operations in OTC and derivatives markets and the security challenges that this brings.
  • The successful candidate must be able to explain all aspects of Information Security and place this knowledge within a commercial context.
Management requirements
  • Ability to manage and influence other teams not under the direct control of this person.
  • Currently, this position does not have any direct reports.

Personal competencies
Personal impact
  • Self-motivated with the ability to take a project through its complete lifecycle.
  • Be comfortable dealing with senior individuals with a strong client and service orientation.
  • Must have a self-starting, driven, assertive and positive attitude.
  • Ability to meet tight internal/external deadlines.
  • Excellent attention to detail
  • Excellent written and verbal communication skills
  • Excellent presentation skills
  • Very good documentation skills
  • Persuasive communicator, passionate about Information Security
  • The ability to explain and rationalize Information Security to both the business and technical leads
  • Ability to manage themselves and work in an expanding team.
  • Team player and willing to progress in a rapidly growing/changing environment.
It is the policy of IHS Markit to provide equal employment opportunity (EEO) to all persons regardless of age, color, national origin, citizenship status, physical or mental disability, race, religion, creed, gender, sex, sexual orientation, gender identity and/or expression, genetic information, marital status, status with regard to public assistance, veteran status, or any other characteristic protected by federal, state or local law. In addition, IHS Markit will provide reasonable accommodations for qualified individuals with disabilities. We maintain a drug-free workplace. For candidates in the US, we are a participant in E-Verify (see link below).

EEO is the Law
EEO is the Law Supplement
Right to Work
Pay Transparency Policy

Current Colleagues: If you are currently a colleague with IHS Markit, please apply internally via Workday.