Sorry, this advert is now closed.

Director, Head of Cyber Resilience - City of London

Information/Business Risk
Ref: 175 Date Posted: Monday 22 Jan 2024
Title: Director, Head of Cyber Resilience
Company: Financial Services
Location: London
Reports to: CISO
Direct reports: 3-4 direct reports
Salary: Up to £125,000 + bonus
 
The Role
 
Purpose of Job
 
Provide leadership as part of the Cyber Security and Operations Team, to ensure the Bank’s security risks are managed and aligned to business objectives, enable sustained growth and prevent harm, damage or loss to its people, information or assets.
Define and coordinate delivery of the Cyber Resilience strategy to help ensure the Bank can withstand, recover from and resume business services following a cyber-attack.
Lead the Bank’s response to any cyber incident in EMEA.
 
Background
 
• This is a key leadership role in the Cyber Security and Operations Team, supporting and deputising for the CISO in delivery of high-quality risk management of the security controls protecting the Bank.
• The role holder acts as the interface between the Cyber Security team and Operational Resilience function.
• The role also provides line management of the Security Operations team.
 
Scale
 
Daily interaction with senior stakeholders (Department Heads) in London, across the region and in US and Asia; frequent direct liaison with regulators; monthly reporting to formal governance committees (OGRC, Security Committee, Cyber Resilience Committee); bi-annual Board briefings.
 
Accountabilities & Responsibilities
 
• Accountable for developing and ensuring delivery of the Cyber Resilience strategy and operating model in EMEA, in partnership with the North American Cyber Resilience team.
• Plan and lead, with the EMEA CISO, the Bank’s Cyber Incident Response process
• Liaise regularly with Op Res, BC, DR & Crisis Management teams in both EMEA and North America
• Direct the cyber element of the Bank’s Respond and Recover programme within the Operational Resilience framework
• Manage cyber security projects in support of the E-Vision programme
• Manage the EMEA penetration testing capability, including third party cyber penetration tests on the Bank’s network to ensure regulatory compliance.
• Lead the Bank’s Insider Risk Management programme in partnership with the US
• Ensure delivery of security services throughout the EMEA division through liaison with and management of third parties and other group companies, and commercial management of suppliers
• Deputise for the EMEA CISO where required
 
Knowledge, Skills, Experience & Qualifications
 
• Extensive experience of delivering Cyber Resilience and managing an Insider Risk programme at a senior level in a regulated corporate environment, preferably Financial Services
• Excellent stakeholder management, communications (both written and verbal) and influencing skills
• Formal security certifications required: CISM minimum, CISSP / CRISC beneficial
• Knowledge of NIST and ISO 27001 risk management frameworks, BoE Operational Resilience and EU DORA regulations; conversant with GDPR.
• Programme management skills
 
Challenges
 
• Ensuring the Bank’s cyber resilience capability keeps pace with a rapidly changing threat and regulatory landscape.
• Liaising with senior stakeholders with diverse and often conflicting priorities, to ensure risk management efforts are aligned with global efforts and support business objectives.