Divisional Risk and Control Lead, VP

15 - 21 years

45 - 50 Lacs

Posted: 2 days ago | Platform: Naukri

Work Mode

Work from Office

Job Type

Full Time

Job Description

Role Description

The Divisional Technical Information Security Officer (DTISO) is a senior manager aligned to a division or function. DTISOs are responsible for enforcing Information Security compliance within their area of responsibility, in line with the CISO / PTISO mandate and strategy as well as the bank's risk appetite. Furthermore, DTISOs oversee the divisional TISO organisation, which supports them in meeting the bank's control objectives. DTISOs are the experts and points of escalation for all IT security related aspects of the IT assets in their area of responsibility. They provide guidance on how to implement technical control aspects and achieve compliance with the related Information Security controls, and ensure appropriate handling of any relevant exceptions. In close cooperation with the respective DISOs, they support the business divisions as well as the TDI counterparts in complying with Security Controls. They are accountable for the adoption of centrally mandated Security Solutions.

    Your key responsibilities

    • Derive the requirements from the overall Chief Security Office (CSO) strategy and translate this into an operational plan for delivery for their area of responsibility
    • Provide leadership for TISO (Technical Information Security Officers) within the respective division or function and Information Technology Security oversight of the applications and infrastructure (IT assets) that these TISOs are responsible for.
    • Provide management oversight of the operation of processes that the TISOs in their scope of control are responsible for to ensure a standardized and consistent working model.
    • Spearhead independent reviews of IT Security Controls, prioritise identified issues and assess remediation actions for quality, considering the optimal cost-risk ratio as well as the strategically optimal resolution (e.g. Information Security control evaluation and respective follow-up activities).
    • Partner with key stakeholders (PTISO, DCISOs / DISOs and IT management etc.) to act as mediator and subject matter expert for them on Information Technology Security topics. Ensure a common understanding of Information Technology Security risks and their implications for the Group and for their scope of responsibility.
    • Stay abreast of new cyber security threats and technology as well as changes in the business or legal/regulatory environment, and support and advise senior management on potential impact.
    • Facilitate regular communication and cooperation with all relevant stakeholders and functions, such as the respective Information Security Officers (ISOs) as well as the CSO technical delivery and governance functions. Ensure appropriate senior management awareness/oversight of follow-up on action items to resolve identified issues, e.g. information security reviews of vendors, audit issue resolution.

    Your skills and experience

    • Rounded knowledge and experience of all the following Information Security processes:
      • Application and Infrastructure Security
      • Identity and Access management
      • Information Security Incident and Problem Management
      • Information Security Governance for business and technology
      • Information Security Risk Management
    • Expert knowledge of DB Information Security Principles, Policies, and Procedures
    • Profound experience in business and IT processes and respective Information Security requirements.
    • Experience with financial markets and institutions.
    • Excellent analytical skills, flexibility regarding problem solving.
    • Excellent communication skills.
    • Ability to work in a fast-paced environment and keep pace with technical/operational innovation.
    • Open minded, able to share information, transfer knowledge and expertise to team members.
    • Keeps pace with technical/operational innovation & maintains understanding of various technologies, as well as security service and technology offerings.

    Education/Certification

    • Master's degree in Information Security or a comparable education
    • In addition, the following education/certification attainment will be beneficial:
      • CISSP (Certified Information Systems Security Professional) or equivalent.
      • ISSMP (Information Systems Security Management Professional).
      • CISM (Certified Information Security Manager) or equivalent.

    Deutsche Bank

    Banking and Financial Services

    Frankfurt
