Regional Information Security Officer, UK&I
Ref: 00058825
Country/Region: UK - Scotland, UK - London
Location: Edinburgh
Position/Contract Type: Permanent
Job Role: Security
Job Description

The Regional Information Security Officer (RISO), based in the UK, will shape the Information Security agenda for the RBS Group in the UK & Ireland region. They will contribute to the development and improvement of the Information Security strategy and deliver across the UK & Ireland region to support the overall Corporate Security Services function.

The role holder will be responsible for effectively managing the Information Security risk across the UK and Ireland (UK&I) region, ensuring the protection of all data held within the region and related third parties. This extends to all physical and electronic data including internal, customer and employee related information.

The RISO, UK & Ireland, will be responsible for understanding, communicating and ensuring compliance with the regulatory requirements for Information Security in the UK and Ireland. This includes setting specific policy and driving change in order to meet existing and any new requirements. They will be accountable for the effective implementation of the Information Security Policy Standard within the UK & Ireland region. They will also be responsible for developing and owning the view of the current UK & I risk position and driving actions to address Information Security risks across the UK & I.

The role holder will lead and manage a diverse team of Information Security subject-matter experts across multiple locations. They will also be a key member of the Information Security Senior Leadership team, helping shape the overall direction of Information Security globally, including deputising for the CISO when required.

The role holder will build relationships with key Senior Management, Executive and Group Internal Audit contacts inside the group, both divisionally and regionally, to maximise the effectiveness of the role and represent the RBS Group where appropriate with the local regulator and on external global bodies for opinion forming, lobbying and sharing of best practice.
Responsibilities

General
- Engage and build strong relationships with Executive and senior manager stakeholders as the face of Information Security within the region
- Build relationships with external industry bodies, peer organisations, Law Enforcement and Intelligence Agencies to understand best practice from outside RBS and influence industry views
- Regional accountability for Information Security and risk across the UK & Ireland region
- Act as a catalyst for change in the development and implementation of Information Security priorities, systems and investments in the UK & Ireland region (working closely with the CISO)
- Lead Information Security Programmes either as a part of a Group team or where specific to region, including chairing appropriate governing bodies
- Drive out current risk position for the UK & Ireland region and drive actions to address Information Security risk
- Specific responsibility to improve User Access processes and procedures in the UK & Ireland businesses and technology service providers
- Manage delivery capability alongside the International Corporate Security Services Regional Head
- Address cross Business/Region Information Security issues (e.g. UK & Ireland threat response, benchmarking against competitors)
- Delivery of 'Information Security frameworks' within the UK & Ireland region
- Understand and apply UK&I regulatory requirements
- Contribute to assurance activities to ensure they support oversight activities
- Accountable for robust policy standards oversight to drive out current risk position for the UK&I region and ensure the business drives actions to address Information Security and risk
- Expert input to Information Security related Governance, Assurance, Executive briefings, Group initiatives (e.g. Security & Risk input to Product development, Corporate responsibility, Global strategies etc.) and the UK & Ireland level incident input
- Close alignment to the Head of Information Security Transformation in support of business strategic plans
Financial Management
- As a member of the senior team, ensure that the overall budget for Information Security is managed effectively
- Manage all aspects of the Information Security team within an agreed budget, reporting any variances to the Chief Information Security Officer
People Management
- Direct responsibility for 4 direct reports
- Build capability of the organisation: the role holder must lead the team in accordance with the Business Services Values and the Group's Performance framework, ensuring clear and stretching objectives and personal development plans are in place for all people in the direct and indirect teams
- The role holder will contribute to the Corporate Security Services succession planning and talent management processes, to ensure the continued development of the organisation
Risk Management
- Actively manage risks in accordance with the Group's Risk framework as both Policy Standard owner and in collaboration with other Policy Standard owners across the Group
- In particular, ensure risks are properly evaluated, recorded and mitigating action plans are monitored to completion
- Ensure escalation of risk issues to a higher level of management for information or decision as appropriate
The Individual

Experience:
- Leadership of a multi-location team
- Influencing at senior organisational levels, up to and including, Executive level
- Working with a broad range of business units across the RBS Group or other Global organisations
- Proven experience in driving change
- Excellent communication skills both written and verbal
Technical Knowledge:
- Experience of an Information Security and Risk function
- Good understanding and proven track record of working in Information Security within the Financial Services industry
- Relevant Information Security professional qualifications
- Good IT knowledge and experience