Job Description

The role holder will provide information security advisory and consultancy services to the Group in order to improve the information security control environment and minimise the risk and impact of information security threats and vulnerabilities.

The role holder will be the primary interface between Financial Crime and Security and the businesses where Information Security expertise and input is required for Group projects and Business Change activity.

The role holder will use their in-depth Information Security and Technology experience to understand and advise on identification and management of Information Security risks and mitigation in relation to technical infrastructure and applications.

They will be a key member of the Information Security management team and will be involved in Threat Management Groups and Information Security incidents where relevant, providing expert advice and guidance.

Responsibilities

· Provide specialist Information Security input to support change programmes.
· Develop a thorough understanding of divisional business, systems and processes in order to provide tailored Information Security solutions and services whilst minimising impact or disruption to services.
· Engage with business and technology partners to identify information security weaknesses in proposed systems / applications and develop appropriate solutions based on risk assessments.
· Responsible for timely completion of business projects, ensuring high standard of quality in delivery.
· Responsibility for the management and development of the project support team, ensuring clear and stretching objectives and personal development plans are in place for all members of the team.
· Develop, embed and maintain a project assessment framework and methodology to enable swift and accurate early identification of business risks.
· Undertake proactive activity to propose suitable Information Security projects aimed at improving business output, results or procedures.
· Coordinate PCI-DSS activity within Group and ensure all regulations are complied with.
· Assist in the improvement of risk management within Group.
· Provide expert advice and guidance to Information Security team in order to share relevant knowledge and initiatives.
· May be called upon to provide incident and investigations support.
· Provide advice to Information Security related briefings and Threat Management Groups.
· Ensure all activity is compliant with 3LoD, TCF, DPA and other relevant legislation.
· Contribute to the management of KRIs, MI and the setting and management of risk appetite.

The Individual

Level of role M2. This is a permanent position.
Key competencies

Business: People Management 2, Finance Management 1, Compliance 2
Technical: Risk Management 3, Fraud Knowledge 2, Insurance Principles and Practice 1, Data Analysis, Interpretation and deployment 1, Project Management 4