Information Security Manager - External Testing Services
Working in our Head Office Functions
England | London
An exciting opportunity has become available in the Security Services Assurance team within Information Security, Group Security & Fraud. The successful candidate will be part of a small team responsible for managing some of the key security services that help to protect Lloyds Banking Group.
Core Purpose of the Role
To manage and maintain oversight of the Group's penetration testing and external vulnerability scanning services, ensuring they operate effectively in line with Sarbanes Oxley and PCI DSS requirements and that risks are identified and mitigated in a timely manner.
General accountabilities:
• Plan and monitor delivery of allocated IS responsibilities and initiatives following agreed processes, whilst ensuring that those procedures remain appropriate and SOX compliant.
• Identify, develop and gain approval for delivery of business procedures, including new IS Assurance activities.
• Identify, understand and risk assess complex, technically defined issues/problems within own area of responsibility and help to translate these into actual business risks.
• Build and manage effective stakeholder relationships that support the effective delivery of all operational security services.
• Identify, resolve and where appropriate escalate potential information security risks/issues.
• Produce written and verbal reports to a suitable standard and in a timely manner/suitable format.
• Maintain specialist knowledge of IS subject matter responsibilities, including Sarbanes Oxley, PCI DSS and associated IS standards.
• Manage IS owned services, associated contracts and supplier relationships ensuring they are providing the best service for LBG and value for money.
• Provide consistent specialist advice and support to colleagues as required.
• Communicate information relating to compliance in an effective and timely manner to all stakeholders.
Examples of specific deliverables:
• Establish, deliver and maintain suitable processes to effectively manage the annual penetration testing and vulnerability scanning programmes, dealing with any challenges to ensure activity is delivered on time and within budget and that all risks and issues are tracked and actively managed.
• Integrate, develop and embed the new LBG PCI DSS compliant vulnerability scanning service ensuring the revised and integrated service is operational on time and continues to run within budget.
Key Capabilities/Knowledge:
• Able to plan, co-ordinate and control own time and resources and the resources available within the team.
• Has wide experience of producing detailed reports and other written material – preferably of a technical and/or complex nature, using lucid and concise language to explain complex material, findings or recommendations.
• Proficient influencing skills. Is able to devise and use an influencing strategy without relying on formal authority.
• Is practiced in communicating information/facts and/or theoretical issues to individuals or groups.
• Has a good understanding of information security principles, in particular specialising in website application and infrastructure security.
• Working knowledge of Sarbanes Oxley requirements would be preferable.
• Has a good understanding and experience of key information security services.
• Has a good understanding of the organisational structure and environmental awareness of the Group and the wider industry.