Cyber & Information Security Manager - Canary Wharf

IT/Information/Cyber Security
Ref: 129 Date Posted: Friday 05 Aug 2022
Company: Financial Organisation
Location: Canary Wharf - hybrid working 3 or 4 days in the office
Reports to: Head of Information Technology
Salary: Up to £75,000

The Role

This role is responsible for the Bank’s information and cyber security and the related awareness programmes, ensuring that potential security risks in their various forms (digital, physical, knowledge and governance) are identified and managed, and that remediation action plans are developed to resolve each risk or reduce it to an acceptable level.
As an information/cyber security subject matter expert, the post holder will manage the Bank’s Information Security Management System (ISMS). Information security is a constantly evolving field, so the ISMS needs to be flexible, kept up to date and developed over time to ensure that the necessary steps are managed and maintained and that compliance is sustained.

Main Duties

Information Security

• Own and operate the Bank’s Information Security Management System (ISMS), together with its associated frameworks, policies, procedures, forms, etc.
• Manage an inventory of business information assets and assign owners, classification, criticality levels and other relevant information to those assets.
• Provide security engagement on projects and business initiatives, both new and existing, to ensure that appropriate security controls and governance processes are incorporated.
• Provide security assurance reviews of third-party suppliers and monitor their compliance with the Bank’s information and cyber security policies.
• Manage the Bank’s conformance with ISO 27001 and any re-certification when required.
• Conduct risk analysis to identify, evaluate, justify and prioritise the controls to be adopted in order to preserve the confidentiality, integrity and availability of information.
• Propose and document technical and procedural controls to protect information flows across internal, external and public networks.
• Oversee solutions and tools for continuous monitoring of accountability and traceability and of the performance of adopted information security controls.
• Supervise analysis of the current technology environment to identify deficiencies and recommend solutions and areas of improvement.
• Engage with both external and intra-corporation parties to conduct regular and independent evaluation of the Bank’s information security posture, including internal vulnerability scanning, penetration testing and other assessments.
• Conduct business impact analysis to define RTO and RPO and map them to business processes.
• Develop and manage the Bank’s disaster recovery and business continuity plans, ensuring that such plans adequately cover business operations contingencies and incident response.
• Promote an information security culture within the Bank.
• Prepare and deliver information security awareness training sessions and campaigns.
• Report and advise relevant committees on all information and cyber security related risks, including proposing mitigations where appropriate.
• Be the primary point of contact for all information security alerts and breaches within the Bank and coordinate responses via incident management protocols.

General

• Coordinate with the Risk and Compliance department and Internal Audit to address nonconformities.
• Assist both internal and external auditors and provide detailed information/cyber security input into reviews and attestations undertaken by regulators, payment schemes and payment systems governing bodies.
• Provide input into mandatory regulatory reporting, for example REP018 Operational and Security Risk returns.
• Evaluate the adequacy and effectiveness of information protection policies, procedures, processes, systems and internal controls across the Bank in managing information security risks.
• React quickly and confidently to advise on and manage incidents.
• Provide expert advice on all aspects of the Bank’s compliance with information security regulations, including event resolution and breach notifications.
• Provide input to appropriate internal committees on information security risks and issues.
• Where required, instruct or work with existing third-party suppliers in the management of information.

Education & Training

• A Bachelor's degree in computer science or mathematics is desired but not required.
• Relevant professional qualifications, such as CISA, CISM, ISO 27001 Lead Auditor, CISSP, CDPO, etc.

Experience & Skills

• Experience of information security within financial services.
• Understanding of online banking and payment processing.
• Strong technical skills in telecoms, networks, security, applications and databases.
• Strong understanding of the current information security and cyber threat landscape and control frameworks, and of industry security and compliance standards.
• Knowledge of information security and compliance frameworks, e.g. NIST and COBIT.
• Experience in managing incidents and breaches, and an understanding of information security technologies.
• Excellent verbal and written communication skills, and strong interpersonal skills with the ability to engage with a range of senior stakeholders both internally and externally.
• Ability to deliver technical information effectively to non-technical audiences.
• Commitment to continuous learning and system development.
• Ability to plan, organise and prioritise tasks and projects.
• A solid understanding of the change management process.

Independent Action & Decision Making

The Information Security Officer is responsible for the management of the Bank’s information security framework. S/he has to take decisions immediately based on sound judgement; however, critical decisions are discussed with the Chief Risk Officer and other members of Senior Management, as appropriate.

Accountability for Actions/Results

The job holder is required to implement all necessary actions to ensure that the Bank’s information security programmes are implemented to the highest standard and in line with best practice. The job holder will be required to report to the ExCo, ERC (Executive Risk Committee) and OPCo (Operations Committee) to evidence achievement of this objective.