Title: Principle - IT Security Manager
Reference No: 2015/12
Location: City of London
Reports to: Head of IT Security & Business Continuity
Duration 6 months
No. Required: 1
Start Date: ASAP
The IT Security Manager provides IT Security advice and assurance to the IT Department through the definition, design, implementation and on-going management of the IT security environment and associated services and applications. This includes responsibility to identify, manage and remedy IT Security risks during project design and operational running of applications, systems and the IT environment. The role also has to balance competing stakeholder needs and achieve the best outcome for the Bank in the delivery of strategic and tactical IT Security initiatives and solutions.
Objectives of the Role
The role sits within the IT Security and Business Continuity team, who are responsible for protecting the Confidentiality, Integrity, and Availability of the Bank’s information assets. This includes planning and delivery of the Cyber Strategy, establishing and implementing IT Security Policy, Procedures, Standards, and the management and operation of IT Security technology and tools.
Though the primary focus of the role is IT security, the role should also work closely with, and be influential to the Operational Risk and Information Security team.
Scope of Role
• Establish, implement and maintain consistent and repeatable IT Security related Standards, Policies, and Procedures, aligned to the international standard for Information Security Management Systems, ISO 27001: 2013.
• Participate in the establishment of a Cyber Security strategy, which is aligned to the overarching IT strategy.
• Strong experience of MS Azure which can be called upon to oversee the secure development and operation of the Azure platform
• Work within a project team with a focus on embedding relevant security controls into the project delivery process
• Working with third parties to establish and implement the baseline for IT Security controls
• Ensuring that assurance over IT & Information Security control implementation can be provided
• Establish, implement and maintain a suite of IT Security tools to protect IT systems and give visibility of potential threats and vulnerabilities.
• Development of clear and concise reporting suitable to be presented to IT Management. This includes submissions of regular Key Risk Indicator reports that can be used to prioritise IT Security activities,
• Ensure secure working best practises are enabled within the DevOps environment, and that the appropriate alerts are recorded within the SIEM.
• Contribute towards the production of a Cyber Security strategy.
• Work closely with members of Operation Risk and Information Security to ensure IT Security and associated risks are appropriately managed.
• Maintenance and operation of the Bank’s LogRhythm Security Information and Event Management System
• Coordinate responses to Internal Audit recommendations to ensure that audit observations related to IT Security are appropriately managed.
• Co-ordinate vulnerability assessment and penetration testing as well as managing the associated remediation activities.
• Contribute to IT Security compliance with the Bank’s Internal Control Framework to ensure the accurate completion of annual testing schedules.
• Define the minimum IT Security requirements for IT projects and IT operations, ensuring alignment to industry best practice recommendations.
• Provide expertise in the definition, selection and implementation of IT Security related controls to the IT Department.
• Management of the IT Security service providers, vendors, and consultants to ensure key objectives and deliverables are met in an efficient manner.
• Provide guidance and assistance to IT Senior Management and other areas within the Bank with regard to addressing IT Security issues.
• Manage and promote IT Security to ensure that the business understands the value of best practice and supports the key IT Security objectives.
• Support the transition of this Scope of Services to a Third Party Provider once appointed.
• Extensive understanding and implementation of the IT Security environment, policies, guidelines and standards, including ISO 27001/2
• Educated to honours degree level and/or a relevant and recognised IT Security accreditation,
• Production of Cyber and IT Security strategies
• Technical and architectural knowledge of Microsoft Windows, Client and Server and Microsoft Azure Infrastructure services
• Technical knowledge of Microsoft security and identity technologies, such as Active Directory, Azure Active Directory, Active Directory Federations Services (ADFS), PKI and certificate management, IPSec, VPN, DirectAcess, Active Directory and Azure Rights Management Services and Windows Defender.
• Broad understanding of corporate IT infrastructures and technologies.
• Demonstrable experience of successfully operating within an IT Security team.
• Demonstrable knowledge of technical security solutions covering areas such as data leakage, anti-malware, vulnerability management, threat assessment, encryption and PKI.
• Relevant experience in the Financial Services sector.
• Ability to handle pressure and work to challenging deadlines.
• Scope of services successfully transitioned to third party provider and knowledge transfer complete.
• Experience of MS Azure
• Experience of working on cloud transformation projects
• High level of technical competence (with particular emphasis on IT Security aspects) in the following areas: server virtualisation, VMware, Microsoft W2K8 & W2K12, Windows 7 & 10, HP UX, RedHat Linux and Oracle, NetApp storage consolidation, Cisco Networking
• Experience of Data Loss Prevention and Security Information and Event Management tools.
• TripWire, McAfee, ForcePoint, Checkpoint