Location: City of London
Reports to: COO
With functional reporting to the Group CISO and, locally, to London COO, the RCISO will be responsible for managing the Information Security department in London and in non-domestic European branches where no local ISO is in place.
The RCISO is a member of the Group Information Security Council. As an FCA Certified role, the RCISO will also have regulatory responsibilities to the Regional Head of IT in their SMF24 capacity.
The RCISO will primarily be responsible for the delivery of appropriate cyber resilience measures to London branch, together with the management and development of the local Data Protection Officer and Information Security Analyst(s).
Key activities and key competencies
Delivery of Cyber Security
The design, implementation and subsequent maintenance of appropriate cyber resilience to London branch. This will include:
• Develop existing cyber risk reporting to encompass infrastructure and organisational risks, aligning London’s business and regulatory requirements with group cyber policies.
• Ensure that all relevant external threat intelligence is gathered, acted upon and reported as required, and that the organisation plays an active role in the UK cyber resilience community in line with regulatory expectations.
• Design and deliver cyber contingency planning, incident response and resilience testing procedures across the branch, from executive levels to individual business functions. This must meet UK regulatory expectations and local business risk requirements.
• Develop methodologies to encompass cyber risk within existing operational risk frameworks, and align risks to the local business risk appetite.
• Design and implement ‘business as usual’ risk controls to ensure continued compliance with cyber risk management requirements.
• Deliver appropriate and ongoing security awareness amongst users across the branch, focusing on high-risk users where necessary.
• Adapt the outcomes of the cyber project to provide appropriate risk reporting and risk controls to non-domestic European locations.
Management of information security functions
• Ensure that internal information security policies and processes are delivered, supervising and developing the junior staff who deliver those services.
• Supervise the delivery of forensic investigation services to the branch, ensuring that the appropriate skills are in place within the team.
Management of data protection
• Supervise the delivery of appropriate data protection services by the branch Data Protection Officer within the information security team.
Business Continuity Officer – supervision of external managed service
• Acting in a retained organisation capacity, ensure that group BCM requirements are met by the external managed service partner. As the coordinator of the branch incident management team, ensure that the branch has appropriate disaster recovery measures in place.
Manage the performance of department members, recruiting in agreement with the section head and developing high-calibre employees, providing leadership and direction.
Key Requirements (Work Experience/Formal Education)
They will be an experienced information and cyber security professional, with a demonstrable track record in designing and delivering similar projects within the sector.
They will have worked at CISO or equivalent level and have a clear ability to deal with senior business management, internal audit and regulators.
They must be able to reconcile technical cyber risks with operational risk management, developing the understanding of senior business leaders.
They will hold industry accreditation (CISM, CRISC, CISSP, CISA or equivalent).