Job Description
The Poland, Senior Information Security Analyst will work along side the Information Security Specialist and Information Security Manager to provide advisory and consultancy services to the divisions in order to improve the security control environment and minimise the risk and impact of information security threats and vulnerabilities- This role holder will work with the Information Security Specialist to provide divisional Information Security support- They will work closely with the divisions, whilst developing and maintaining relationships and providing Information Security advice and guidance in line with Information Security policy- The Poland , Senior Information Security Analyst will perform risk assessments of internal and external Information Security threat environments, including applications and business units- The role holder will assist in developing and implementing solutions for divisions to reduce and close Information Security gaps between risk appetite and current risk position- They will support the identification and management of Information Security risks and mitigation in relation to technical infrastructure and applications- They will be a key member of Poland Information Security team and will be involved in Threat Management Groups and Information Security incidents relevant to their respective division
Requirements
- Minimum 6 years experience working within an information security or audit role
- Experience of influencing at senior organisational levels
- Working within and understanding a broad range of Banking business units (IB, Asset Mgmt, Retail, GTS etc-)
- Knowledge and experience of the legal and regulatory environments across all locations in EMEA
- Experience in driving change across complex and geographical spread environments
- Excellent English communication skills - written and verbal
- Proven track record working in a fast moving, client focussed Banking environment
- Ability to write technical issues in business terms
- Proven ability to manage issues to closure across borders/territories-
- Strong EMEA orientation, prepared to travel regionally
- Significant experience and proven track record of delivery within IS, IT Security or Audit departments within financial institutions
- In-depth IT and Information Security knowledge and experience
- Broad specialist level knowledge of information security technology and IT infrastructure such as, UNIX, Windows, databases, network infrastructure, firewalls, Information security management tools, logging & monitoring tools, emergency envelope tools, Public Key Infrastructures, Cryptography-
- Relevant Information Security qualifications (e-g- CISSP, CISM, CISA etc-)
- Any membership of a professional security organisation would be an advantage- (SANS/ISACA etc-)
Responsibilities
- Develop relationships with divisions in order to identify issues and drive Information Security compliance-
- Develop a thorough understanding of divisional business, systems and processes in order to provide tailored Information Security solutions and services whilst minimising impact or disruption to divisions
- Support the Identification of current risk position for divisions and potential exposures and drive actions to address or mitigate Information Security risk
- Perform security risk assessments or provide input to support major change programmes
- Engage with business and technology projects to identify Information Security weaknesses in proposed systems / applications and develop appropriate solutions based on risk assessment
- Escalate where appropriate any failures to comply with Information security controls in application / system implementation
- Provide policy advice and guidance to business divisions and technology service providers
- Support the Information Security Specialist in the production of high quality, informative and accurate management information for the division
- Assist the Information Security Specialist with the production of Information Security related briefings and Threat Management Groups
- May be called upon to provide incident and investigations support
- Identify relevant training for this role and team to maintain required level of technical expertise within the Group
- Actively manage risks in accordance with the RBS Group's Risk framework across EMEA countries and all divisions
- In particular, ensure risks are properly evaluated, recorded and mitigating action plans are monitored to completion
- Ensure visibility and escalation of all IS risks issues to senior management and executives for information or decision as appropriate
| 
