Risk and Compliance IT Cyber Lead

The Cybersecurity function is responsible for enabling businesses and functions to

manage their information security and cybersecurity risks as well as ensuring risk and controls

are assessed and implemented appropriately, objectively and independently through

professional and specialized subject matter experts.

Cybersecurity Lead for Risk and Compliance IT is a role supporting the Chief Information

Security Officer for Enterprise Technology that is a part of 1st Line of Defence (1LoD). The role is

primarily focused on Cyber Security for Enterprise Technology and specifically Risk and

Compliance IT, to a lesser extent, the role will cover other parts of Enterprise Technology, plus

support the CTO CISO Team.

The key responsibilities include:

• · Supporting business as cyber-SME
• · Governance & Reporting of cyber controls
• · Information Security Risk Management and
• · Remediation and Regulatory Compliance.

Governance & Reporting

• · Collate Information Security monitoring and risk reports and translate technical
• information into consumable reports that can be shared with business and technology
• stakeholders.
• · Represent Cybersecurity in relevant management and governance forums.
• · Ensure security requirements from Enterprise Technology Risk and Compliance IT Team are
• shared with the central Cybersecurity functions, so that there is sufficient coverage and
• prioritisation within change programmes and initiatives.
• · Work collaboratively with Enterprise Technology, Cybersecurity and other business
• functions (e.g. CCO, Enterprise Risk Management, BIRO).

Information Security Risk Management & Remediation

• · Understand the Cybersecurity risk in Enterprise Technology. In particular, understand the
• critical assets for Risk and Compliance IT, the threats and vulnerabilities faced and the
• security control requirements required.
• · Drive and support Cybersecurity risk management and improvement activities. Ensure
• remediation activities are completed within agreed timelines.
• · Ensure adherence to cybersecurity controls and enable access to cybersecurity services to
• support business projects.
• · Work with stakeholders in Enterprise Technology and beyond to support the resolution /
• remediation of all major security incidents.

Regulatory Compliance

• · Provide support to Regional Information Security Officers (RISO) to meet the local
• cybersecurity requirements to respond to Regulators.
• · Collaborate with Cybersecurity central functions to drive the management and reporting of compliance requirements with Industry standards, e.g. PCI-DSS and SWIFT. · Provide support to regulatory, audit and external security engagements, e.g. SOX/EARS review by external auditors.

Specific Requirements

• · Minimum Bachelor Degree and/or experience in IT security governance and operational processes, preferably in the Financial Services industry or global corporate service provider
• · Background – desirable but NOT essential exeprience in one or more of risk management, Audit, ISR
• · Qualifications – desirable but NOT essential one or more industry-recognised cybersecurity-related certifications including ISO270001, CISA, CISM, CISSP, CRISC
• · Availability to travel (if required) for this role, i.e. travel within country as well as occasional International travel
• · Positive and professional attitude, team player, flexible and adaptable, open to change(s) · Confident and takes responsibility and ownership for work and personal development
• · Good spoken and written communication and ability to adapt style based on audience (Fluent in spoken / written English)
• · Ability to communicate technical subject matter to non-technical stakeholders
• · Previous experience of delivering an excellent customer service
• · Ability to quickly develop good working relationships with stakeholders
• · Ability and self motivation to learn and pick things up quickly