Description
Objective:
My client is a large bank whose Risk Management team provides high-quality and independent validation/assurance that the relevant risks taken by the bank in the course of business are identified and controlled. The Bank is now looking for an Information Security/Risk Management Expert to join the Risk team in order to achieve its goals.
Tasks:
Implement a new asset classification model across the bank, which will form the basis for a proportionate and effective Information Security control framework:
1. Designing the implementation roadmap;
2. Developing material and documentation to support the implementation of the asset classification;
3. Delivering training sessions to senior and operational management;
4. Assisting in the practical implementation.
Identifying the assets critical to delivery of the bank's business objectives, such as:
o people: e.g. employees, clients, customers, regulators;
o processes and services: e.g. computing and communications services;
o software: e.g. application and system software, development tools and utilities;
o physical: e.g. computer and communications equipment, stocks & bonds.
Currently, we seek proportionate protection of critical assets by preserving their:
o confidentiality - ensuring that unauthorised individuals cannot access critical assets;
o integrity - ensuring that critical assets are not accidentally or deliberately removed, corrupted, damaged or harmed;
o availability - ensuring that critical assets are available when required and will support our required operational capability; and
o compliance - ensuring that relevant legal and regulatory requirements are adhered to.
Essential skills
1. At least 10 years of experience in Information Security Management or Risk Management;
2. Good understanding of, and practical experience of applying, IS policies, procedures and standards;
3. Excellent oral and written communication skills as the mission will include strong interactions at all levels in the company;
4. Experience in defining an asset classification model and drafting policies.
Analytical and critical mindset;
Capable of reviewing and approving technical design documents;
Practical experience of conducting Risk Assessments;
Good knowledge of international security standards such as COBIT, ITIL, ISO 27000 series;
The role would suit someone from a Risk Management, Information Security, Governance or Audit background.
Language: English.