As the Head of Information Security, you will report to the Director, Operational Risk Management (ORM) and be responsible for leading the Bank’s Information Security risk identification and remediation activities.
Responsibilities
Measure and report on the implementation and compliance of the Bank’s Information Security framework (policies, procedures, guidance) throughout the organisation and verify the implementation of Information Security controls and evaluate their effectiveness.
Manage internal teams and external consultants as they provide support in the delivery of risk mitigation activities.
Influence and support change by aligning policy updates with new regulations and business needs and critically, emerging security threats.
Manage the programmes which provide security oversight over internal IT and Business projects and external suppliers.
Act as the Information Security SME to support the Bank’s delivery of the new GRC solution, ensuring that existing solutions and services which deliver risk assessments, and third party supplier assurance assessments, are successfully transitioned over to the new GRC solution.
Track and advise on industry security trends and their implications.
Determining Information Security risk vision and strategy
Providing expert Information Security consultancy and advice to Senior Management as well as the Bank’s governance mechanisms i.e. Risk and Executive Committees, Board.
Interfacing with first line (IT Security) and working closely with the CISO to provide oversight and assurance over key first-line activities, in particular, working with the CISO to design and deliver the Bank’s multi-year Cyber Resilience Programme.
Creating and managing the Bank’s Information Security vision and strategy going forward.
Interfacing with the Business to provide specialist advice, oversight and insight to ensure business operations follow good Information Security practice and policy.
Scoping, conducting, and designing Information Security risk programmes and thereafter managing the subsequent remediation.
Design, manage and deliver specialist assurance activities over first-line and the wider business including, Red & Purple Team assessments, Data Leakage, and Disinformation & Dark-Web Assessments and Social Engineering exercises.
Requirements:
Experience as a ‘Head of Information Security’ or Senior Information Security Management role.
Leading teams and enterprise risk remediation programmes.
Designing and delivering enterprise Information Security risk remediation programmes.
Designing and delivering enterprise Cybersecurity risk remediation programmes.
Ability to read, understand and analyse regulatory information, ‘good practice’ and develop Information Security strategies and programs.
Strong written and verbal communication skills, especially the ability to translate technical details into business-friendly language.
Strong project management and stakeholder engagement abilities.
Ability to work independently, manage multiple priorities, and maintain high attention to detail.
A collaborative mindset with strong influencing and problem-solving capabilities is a must.
Strong technical skills and/or previous background as to effectively challenge first-line.
