For further information please contact - philip-katzrbs-co-uk

Job Description
The Information Security Specialist will provide advisory and consultancy services to the division in order to improve the security control environment and minimise the risk and impact of information security threats and vulnerabilities. This role holder will work with the Senior Information Security Specialists to provide divisional Information Security support. They will work closely with and influence key Senior Management across the division, whilst developing and maintaining relationships and providing Information Security advice and guidance in line with Information Security policy.

The Information Security Specialist will perform risk assessments of internal and external Information Security threat environments, including applications, business units, processes and Technology Service Providers. In addition, they will provide security input to major change programmes, risk assessing security within new solutions and processes. The role holder will understand, prioritise and assist with developing and implementing solutions for businesses to reduce and close Information Security gaps between risk appetite and current risk position.

The role holder will use their in-depth Information Security and Technology experience to understand and advise on identification and management of Information Security risks and mitigation in relation to business processes, technical infrastructure and applications. They will be a key member of the Operations Information Security team and may be involved in Threat Management Groups and Information Security incidents relevant to Corporate Banking Division.

Requirements
Technical Knowledge
- Specialist knowledge in Information Security risk assessment and controls management, including an understanding of the ISO 27000 series and how to apply it
- In-depth IT and Information Security knowledge and experience
- Knowledge of the legal and regulatory environment within which Financial Organisations operate (e.g. FSA & ICO)
- Experience of a Security and Risk function
- Good understanding and proven track record of working in Information Security within the Financial Services industry
- Relevant Information Security or technical qualifications (e.g. CISSP, CISM etc.)

Desirable
Detailed knowledge of at least 3 of the following areas:
- Mainframe (CICS/DB2/RACF)
- Windows
- TCP/IP networks
- Authentication techniques
- Cryptography
- Application Security
- Payment and Card security
- Security Monitoring
- eCrime
- Email security

Responsibilities
General
- Build and maintain strong relationships with business units and TSPs in order to identify issues and drive Information Security compliance
- Develop a thorough understanding of divisional businesses, systems, technology and processes in order to provide tailored Information Security solutions and services whilst minimising impact or disruption to the business
- Identify the current risk position for business units and TSPs, identifying potential exposures and driving actions to address or mitigate Information Security risk
- Quality assure Exceptions To Policy presented for approval, to confirm the risk statement and assess that the action plan adequately addresses the risk, prior to presentation to S&R
- Perform security risk assessments and provide specialist Information Security input to support major change programmes
- Engage with business and technology projects to identify Information Security weaknesses in proposed systems / applications and develop appropriate solutions based on risk assessment
- Escalate where appropriate any failures to comply with Information security controls in application / system implementation
- Provide policy advice and guidance to business units and technology service providers
- Support the production of high quality, informative and accurate management information for the division
- Provide input to Information Security related briefings and Threat Management Groups
- May be called upon to provide incident and investigations support

Financial Management
- Operate within financial boundaries set by the Head of Operations, including travel costs

People Management
- Identify relevant training for their own role and the team to maintain required level of technical expertise within the Group

Risk Management
- Actively manage risks in accordance with the Group's Risk framework
- In particular, ensure risks are properly evaluated and recorded, and that mitigating action plans are monitored to completion
- Ensure escalation of risk issues to a higher level of management for information or decision as appropriate

The Individual
- More than 5 years relevant working experience of Information Security in a risk-based context
- Working within an Information Security or IT related team
- Influencing at senior organisational levels
- Working with a broad range of business units
- Excellent communication skills - written and verbal
- Ability to express and write technical issues in business terms