Technical Information Security Officer (TISO)
Ref: 00058862
Country/Region: UK - Scotland, UK - London
Location: Edinburgh
Position/Contract Type: Permanent
Job Role: Security

Job Description

As an experienced information security professional the role holder will provide leadership and direction to the global technical Information Security team. The role holder will be recognised as an industry expert in the field of technical information security, providing significant technical support and direction to the team and the CISO. They will be accountable for the effective setting of the Information Security Policy Standard across the globe. They will be ultimately accountable for the delivery of divisional oversight of all RBS Group Technology Service Providers (TSPs), provision of IS technical input to projects and running threat management activity.

The TISO will be responsible for defining the Group's framework and appetite for the penetration testing and forensics teams working alongside Technology Services. The Technical Information Security Officer will be responsible for driving change and implementation of appropriate tools and technologies in order to enhance Group wide technical security monitoring capability within Information Security.

The role holder will build high quality relationships with key Technology Service Providers and Executive / Senior Management contacts inside the group, both divisionally and regionally, to drive change as a result of oversight activity. They will be the main interface into the Technology Service Providers for all aspects of the technical controls mandated by the IS policy and will baseline the technical risk position and perform ongoing monitoring of TSPs. The role holder will have strong influencing ability to ensure that TSPs align with the broader Information Security strategy. This role holder will be responsible for driving and influencing the TSPs such that IT Security Strategy is developed collaboratively with the TSPs.

The Technical Information Security Officer will drive action and escalate as appropriate for all technical oversight and drive a programme to help deliver improved penetration testing capability, research and development into new security products and technical security architectures across the RBS Group. The role holder will lead the second line of defence oversight of penetration testing that is performed across the Group and will lead a specialist forensics and data loss prevention team who are processing web and email violations.

The role holder will also be a key member of the Information Security Senior Leadership team helping shape the overall direction of Information Security globally. They will be responsible for leading technical security incidents as required by the Chief Information Security Officer. The role holder will chair the Information Security Technical Group, providing Information Security leadership, governance and oversight, across technical service providers.

Responsibilities

General
- Develop and deliver the cyber and core strategy for all aspects of Information Security technical controls
- Provide expert input, leadership and direction to technical incidents across the RBS group
- Allocate resources to meet the changing demand and risk profile of the organisation, specifically prioritise work stack and use judgement to escalate where appropriate
- Work closely with the Regional Heads of Information Security to provide an effective support service across the globe
- Develop key relationships and work closely with TSPs and business Information Security partners to understand key threats and issues to drive resolution
- Effectively encourage TSPs to collaborate for the benefit of the business using third parties where relevant
- Collaborate with other information security teams within the RBS Group
- Work with TSPs and Strategy & Architecture to define technical and business architecture for security
- Develop a framework to focus IS technical resource, working with TSPs on the high risk areas in order to comply with the Information Security Policy
- Identify and escalate as appropriate significant and major security breaches and vulnerabilities
- Definition and continuous improvement of technical risk MI and reporting
- Management of high quality reports and dashboards that clearly explain security breaches and the technical IS risk position
- Work with TSPs to implement consistent and effective technology security monitoring
- Lead development of key technology research and development, working closely with the TSPs
- Drive implementation of new techniques and technologies as appropriate
- Lead the Information Security Technical Group and implement quality assurance of reporting to Information Security Technical Group
- Establish effective governance, monitoring and oversight, holding TSPs accountable for their IS Risk position
- Develop and maintain technical security policies and guidance
- Provide technical advice and guidance as required
- Provide research and development services to the RBS Group with respect to IT Security ensuring that initiatives are focussed on addressing the current threats and trends impacting the RBS Group
- Understand the IT environment of the Group's infrastructure and applications
- Understand any relevant Global laws and regulations
- Perform external benchmarking and retain good industry contacts for technical forensics
- Commercial awareness, able to relate technical matters to wider business considerations and conscious of the bottom line implication of Infrastructure design decisions

Financial Management
- Operate within financial boundaries set by the CISO, including travel, technology implementation, third party and contract resource costs
- Manage the budget for any external spend in relation to Technical Security

People Management
- Direct responsibility for 6 direct reports
- Lead the team in accordance with the Group's Leadership Capability Framework, ensuring stretching objectives and personal development plans are in place for all people in team
- Identify relevant training for this role and team to maintain required level of technical expertise within the Group

The Individual

Risk Management
- Understand the severity of incidents identified. Prioritise and manage these appropriately to provide the level of response required and communicate the associated risk to the business
- Establish and monitor the IT Risk positions across the RBS Group and drive TSPs to action as appropriate

Experience:
- Proven experience of performing / leading technical security in a Financial Services organisation (10+ years)
- Significant experience of leading complex teams across geographical boundaries in a large organisation
- Experience of managing a technical or information security team
- In depth Information Security experience
- Working with a broad range of business units across the RBS Group or other Global organisations

Technical Knowledge:
- Industry relevant qualifications
- Very good understanding of technology infrastructure, penetration testing, forensics and IT Security
- Working knowledge of Technical Security technologies
- Formal certifications: CISA, CISM, CISSP, CCIEC (Security), etc.

Desirable
- IP Networks, Java, Web application security, email, middleware (e.g. Websphere), authentication, encryption
- Vontu and other monitoring applications/solutions
- Mainframe/midrange (IBM Z/OS, AS/400, Tandem)
- Firewalls (Checkpoint Firewall-1, Cisco)
- Network Security
- Oracle and other Databases
- UNIX (HP, SUN and IBM AIX)
- Windows NT/Windows 2000/Windows XP/Win2003
- IDS and IPS
- Messaging systems (Lotus Notes/Exchange)
- VoIP
- MPLS VPNs, VPNs, IP Sec
- TOGAF