Description
Job Title: Cyber Security Vendor Assurance Policy, Configuration and Integration Manager
Corporate Title: AVP/VP
Department: Chief Information Security Office ('CISO')
Location: London
Overview
The Cyber Security Vendor Assurance Policy, Configuration and Integration Manager is responsible for managing the bank's strategic partners to deliver products and services in alignment with the bank's security architecture, regulatory requirements as well as its overall business strategy.
The successful candidate will work with the bank's Chief Information Security Office (CISO) organization as well as various business lines to ensure there is effective monitoring, oversight and alignment of vendor relationships - including supporting mapping of security requirements to system configurations and integration work with the bank's security tools, services and supporting testing frameworks.
The candidate will contribute to, and operate within, a cyber-security vendor governance framework to ensure consistency in governing vendor relationships and leveraging cross vendor / cross function knowledge and strategy within the organization.
Key responsibilities
- Ensures effective on boarding and service readiness assessment of vendors in line with the cyber-security vendor governance framework, requirements and processes
- Mapping of bank policies to configuration guides for different system types, including reviews of vendor specifications for consistency with the bank's policies
- Contributes to the build and enablement of a standardised set of configurations, procedures and tools to reduce complexity
- Provides business analysis and project management skills to co-ordinate security requirements with solution architects
- Manage vendor issues and escalates to senior management, where needed
- Supports clients and peers with sourcing activities - promoting standardised processes and best practices. Understands client's requirements, vision and promote 'win-win' outcomes
- Identifies and manages potential security risks within sourcing arrangements, service (and operating) level agreements, to ensure tracking and resolution by vendors or otherwise. Will include the definition and assessment of tactical and strategic mitigation methods
- Ensures compliance with DB defined governance, relevant training and maintains awareness of regional (local), industry governing bodies' standards and their impact on design
- Supports supply chain risk management in promoting good practices and providing early risk/issue identification and mitigation, with appropriate escalation
- Actively communicates and cascades the CISO strategy, plans and values at all levels in the organisation driving a high performance culture, enabling effective navigation of the organisation, and supporting efficient decision making.
Experience and Skills
- 5+ years' experience in the field of IT Security and/or Information Assurance
- Good knowledge of security tools, knowledge of one or more of the following would be an advantage Symantec Enterprise Security Manager, HP ArcSight, BMC Bladelogic, IBM Endpoint Manager
- Experience in mapping client policies to system configuration guides
- Relevant Bachelor or Master Degree (or equivalent) in Computer Science or Engineering (or other relevant discipline) from an accredited college or university (or equivalent)
- Experience in identifying and delivering process improvement projects in a complex operating environment using strong relationship building skills
- Good working knowledge of international security standards such as ISO, NIST and global financial industry regulations.
- Good working knowledge of security services such as vulnerability management, security incident management, security problem management, compliance management etc.
- Excellent strategic agility, critical thinker, communication, influencing
- Strong business planning skills, able to drive change
- Fluent in English (written/verbal) with excellent communication and presentation skills
To apply for this role please click the APPLY button.