Description
Information Security Risk Manager - Investmant Bank - London - CISM, Risk, Security, IS
It is essential that you have banking experience to apply for this position.
The Investment Bank Divisional Information Security Officer (IB DISO) leads the Information Risk Management (ISRM) capability for the Investment Bank.
ISRM protects information from inappropriate access, use, disclosure, disruption, modification, loss or destruction which would negatively impact the bank's legal, regulatory or financial standing.
The Information Security Risk Manager role will report to and support the initiatives of the IB DISO with direct responsibility for delivering the ISRM strategy globally, supporting the IB in all matters related to information security ensuring effective risk management across the organisation establishing the security baseline, managing compliance with this baseline and liaising with other business and IT functions, such as Legal & Compliance.
Activities in this role include the following:
Assess and respond to Audit, ORI and external threats
Attend Operating Committee and Forums to present IS posture
Manage and report on security-related incidents and events
Support Group initiatives ensuring IB requirements/investments are represented
Determine regional security operations requirements across people, process and technology
Conduct risk assessments, report outcome and support mitigation activities and projects
Develop response recommendations (accept/mitigate)
Engage Legal & Compliance and maintain view of IS requirements/Regional view
Support COO's and business activities as SME for security risk and compliance
Provide business reviews/drive change
Develop region-specific standards to support IS policy framework and syndicate
Provide approvals for change, OBI type initiatives
Drive security culture/awareness
Support regulatory engagements
Drive compliance with group policies standards, and local regulatory requirements
Support periodic internal controls assessment processes
Required skills include the following:
Broad knowledge of information security
Strong verbal and written communication & interpersonal skills in order to act as a contact and explain the solutions to users with different levels of knowledge.
Strong analysis skills to enable analysis of alert and requests from business point of view.
Analytical and problem solving skills with attention to detail.
Understanding of access control, data protection leakage and approvals workflow.
Understanding of information security principles and how these should be applied.
Understanding of IT activities such as software development, production support, deployment and release processes, testing, and how they are managed in a large organisation.
Advanced Excel, PowerPoint & Access skills.
Desired skills include the following:
Familiar with financial industry or large corporate organisations.