Cyber Security SME

Full time
Posted 4 months ago

Our client’s Digital Solutions (HDS) is an integrated global group of over 3500 technologists and commercial thinkers, working across the globe. Our Client is building digital solutions that will impact the lives of over 41 million customers worldwide. The work of the Digital teams includes developing new mobile apps and online experiences; using digital messaging to enhance customer relationships; building and improving the underlying technology and security platforms; and innovating propositions to compete effectively in a mobile, data-driven world. You will be part of a cross-functional team transforming our client’s digital capabilities: driving innovation, delivering products in ever-shortening cycles and helping to drive the continuous improvement of our client’s processes, tooling and engineering practices.

Job Purpose

Build and lead global relationships for Cybersecurity (sitting within the wider IT organization) dedicated to a Service Line or Region within RBWM IT. As the embedded Cybersecurity owner for that Service Line or Region, promote the principles of secure development and ensure effective coverage for all Cybersecurity services consumed.

The Team Leader – IT Security, hereafter called the Embedded SME for the designated Service Line(s)/ Region, is responsible for the following key activities:

•             Own the relationship between the Service Line/ Region and Cybersecurity, reporting to RBWM IT CISO with a dotted line into the Service Line Lead/ Regional CIO.

•             Provide specialist technical knowledge and experience to influence a strong SDL culture of ‘secure from start’ within the Service Line/ Region.

•             Lead the Information Security agenda within the Service Line/ Region, including driving business/functional stakeholder engagement to ensure delivery of security programme and projects.

•             Develop and maintain strong relationships with the Regional Heads of the Service Line and of Cybersecurity to ensure optimum synergy and collaboration between them for embedding security.

•             Evangelize adoption of security tools, integrate them with the CI/CD pipeline, ensure they are fine-tuned to minimize false positives, and eventually enforce block-mode compliance in each build, unless there is an explicit business-approved risk acceptance/ dispensation.

•             Drive timely remediation of identified issues and vulnerabilities within the Service Line to ensure minimum exposure.

•             Guide the Service Line with respect to compliance with relevant security policies, standards and governance, including challenging the risk profile, appetite, incidents and control effectiveness, driving improvement activities where required to ensure operation within appetite.

•             Act as an escalation point for Information Security incidents/issues within the business and engaging with senior management and external regulators as required. Ensure appropriate remedial action is triggered by the root cause analysis.

•             Ensure compliance with information security requirements by third party service providers engaged by that Service Line.

•             Guide secure adoption of code-repositories, cloud, mobile, social, open-banking, and other evolving technologies.

•             Encourage undertaking of foundational and language-specific training by the developers in the Service Line to keep their secure-coding skills sharp and relevant.

•             Facilitate ongoing cybersecurity awareness within the Service Line to strengthen the responsible culture.

•             Support the secure design, review and monitoring of security controls for Cloud (e.g. GCP, AWS).

•             Work with architects, project teams and other stakeholders to monitor and remediate any identified gaps in cloud security controls.
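
The "block-mode unless there is an approved dispensation" pipeline gate described in the activities above, written out as an added Python example. It is not code from the original posting or from any client tooling; the finding and dispensation record shapes, the rule ids and the sample data are assumptions constructed for illustration (a real gate would read the scanner's SARIF report and a version-controlled dispensation file). It shows the three decisions the bullet bundles together: rules tuned out as known false positives, time-boxed risk acceptances with a named approver that stop suppressing once they expire, and a monitor mode that reports without failing the build until block mode is switched on.

```python
"""CI gate for application-security findings: block-mode with time-boxed,
approved dispensations and tuned-out (known false-positive) rules.

Added example, not code from the original posting or any client tool.
The Finding/Dispensation shapes, rule ids and sample data are assumptions
constructed for illustration.
"""
from dataclasses import dataclass, field
from datetime import date

# Severity ranking used for the blocking threshold.
SEVERITY_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1, "info": 0}


@dataclass(frozen=True)
class Finding:
    rule_id: str
    severity: str
    path: str
    line: int


@dataclass(frozen=True)
class Dispensation:
    """A business-approved risk acceptance for one rule on one file."""
    rule_id: str
    path: str
    approver: str  # named owner of the accepted risk
    expires: date  # time-boxed so the exception is revisited, not forgotten


@dataclass
class GateResult:
    mode: str
    blocking: list = field(default_factory=list)         # at/above threshold, no live dispensation
    suppressed: list = field(default_factory=list)       # covered by a live dispensation
    expired: list = field(default_factory=list)          # dispensation exists but has lapsed
    tuned_out: list = field(default_factory=list)        # rule disabled as a known false positive
    below_threshold: list = field(default_factory=list)  # reported, never blocks

    @property
    def exit_code(self) -> int:
        # Monitor mode reports but never fails the build; block mode fails on any blocking finding.
        return 1 if self.mode == "block" and self.blocking else 0


def evaluate(findings, dispensations, disabled_rules, today, block_at="high", mode="block"):
    """Classify each finding and decide whether the build should fail."""
    threshold = SEVERITY_RANK[block_at]
    result = GateResult(mode=mode)
    for f in findings:
        if f.rule_id in disabled_rules:
            result.tuned_out.append(f)
            continue
        matches = [d for d in dispensations if d.rule_id == f.rule_id and d.path == f.path]
        if any(d.expires >= today for d in matches):
            result.suppressed.append(f)
            continue
        if matches:
            result.expired.append(f)  # falls through: an expired dispensation no longer suppresses
        if SEVERITY_RANK.get(f.severity.lower(), 0) >= threshold:
            result.blocking.append(f)
        else:
            result.below_threshold.append(f)
    return result


# Constructed sample input (assumption): five findings, two dispensations, one tuned-out rule.
SAMPLE_FINDINGS = [
    Finding("sqli.string-concat", "high", "src/AccountDao.java", 88),
    Finding("sqli.string-concat", "high", "src/ReportDao.java", 14),
    Finding("xxe.default-factory", "critical", "src/XmlImport.java", 41),
    Finding("hardcoded-secret", "medium", "test/FixtureTest.java", 5),
    Finding("noisy-rule", "high", "src/Util.java", 2),
]
SAMPLE_DISPENSATIONS = [
    Dispensation("sqli.string-concat", "src/ReportDao.java", "risk-owner@example.com", date(2099, 1, 1)),
    Dispensation("xxe.default-factory", "src/XmlImport.java", "risk-owner@example.com", date(2020, 1, 1)),
]
DISABLED_RULES = {"noisy-rule"}
TODAY = date(2024, 6, 1)


def run_sample(mode="block"):
    return evaluate(SAMPLE_FINDINGS, SAMPLE_DISPENSATIONS, DISABLED_RULES, TODAY, "high", mode)


def summary(result):
    lines = [f"mode={result.mode} exit={result.exit_code}"]
    for label in ("blocking", "suppressed", "expired", "tuned_out", "below_threshold"):
        for f in getattr(result, label):
            lines.append(f"{label:15} {f.severity:8} {f.rule_id} {f.path}:{f.line}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(summary(run_sample("monitor")))
    print(summary(run_sample("block")))
```

On the sample data the block-mode run fails the build on two findings: the un-dispensed SQL-injection hit in AccountDao and the XXE hit whose dispensation expired in 2020, while the ReportDao hit is suppressed by its live dispensation and the noisy rule is tuned out. Running the same input in monitor mode yields exit code 0 with identical reporting, which is the state a Service Line sits in while the tool is being tuned, before block mode is enforced.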

Organisation structure:

–              Reports to Service Line Lead/ Regional CIO for RBWM IT

–              Matrixed to the RBWM IT CISO

Principal Accountabilities:

• Protect the Bank.  Lead Security embedding within the assigned Service Line or Region, owning the relationship with Cybersecurity.  Uses technical expertise and experience to work collaboratively within the Service Line and Cybersecurity to develop implementable designs, solutions and operational plans to ensure compliant security is enforced.  Leads and drives this change through effective communication, preparation and implementation.

• Driving sustainable growth.  Drive efficiencies in the SDL of the Service Line through ‘secure from start’ development and minimal iterative issue-remediation. Ensure that evolving technologies are embraced with appropriate mitigation controls and contingency planning.

• Achieving excellence.  Catalyze a secure-mindset in the developer community through encouraging of appropriate training and providing ongoing guidance. Generate an environment in which innovation is supported by security in the working practices.

Customers / Stakeholders

• Customer focus.  Lead a customer-centered culture, championing activities encouraging outstanding customer advocacy. Proactively seek opportunities to utilize strong Cybersecurity principles to improve availability and ensure privacy for customers.

• Strengthening stakeholder relationships.  Enhance key relationships, using rapport-building expertise and appropriate influencing to add value beyond the initial scope, increasing stakeholder advocacy. Maintain key relationships to include technology and business heads across the Service Line/ Region and Cybersecurity and external account managers for third party suppliers and vendors, along with other counterparts across the globe.

• Understanding markets and customers.  Cultivate strong relationships with organisationally important global and/or high value stakeholders with a tailored approach.

• Deliver fair outcomes for our customers and ensure own conduct maintains the orderly and transparent operation of financial markets.

Leadership & Teamwork

•             Drive the development and communication of a clear vision for secure development and maintenance in the Service Line/ Region that is aligned to the overall client and RBWM vision, values and goals, and inspires and engages people to create an inclusive, high performing, customer-centered culture.

•             Lead, develop and motivate adoption of and compliance with the cybersecurity principles across the lifecycle in the PODs, XFTs, and Service Line being supported.

•             Lead and encourage constructive teamwork within the PODs and XFTs by demonstrating collaboration and matrix management in action and taking prompt action to address any activities and behaviours that are not consistent with client’s diversity policy and/or the best interests of the business and its customers.

Operational Effectiveness & Control

•             Lead the continuing development, implementation and improvement of the security processes, controls, and capabilities needed to deliver agreed plans and targets. Collaborate with colleagues to maximise end to end integration, effectiveness and efficiency.

•             Establish and maintain a robust and efficient control environment across the lifecycle to ensure good operational, financial and project management and compliance with client policy and procedures, together with early identification and effective resolution or escalation of issues that arise.

•             Lead the implementation and oversight of the Cyber Risk standards and governance frameworks, procedures and practices to ensure quality, effective risk management and regulatory compliance.

Management of Risk

•             The jobholder will ensure the fair treatment (service excellence) of our customers is at the heart of everything we do, both personally and as an organisation.

•             The jobholder will also continually reassess the Cybersecurity and operational risks associated with the role and inherent in the business, taking account of changing economic or market conditions, legal and regulatory requirements, operating procedures and practices, management restructurings, and the impact of new technology.

•             This will be achieved by ensuring all actions take account of the likelihood of operational risk occurring. Also by addressing any areas of concern in conjunction with entity management and/or the appropriate department.

Observation of Internal Controls

•             Maintains client internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators.

•             The jobholder will also adhere to and be able to demonstrate adherence to internal controls. This will be achieved by adherence to all relevant procedures, keeping appropriate records and, where appropriate, by driving the timely implementation of internal and external audit points, including issues raised by external regulators, and internally identified Cybersecurity risks.

•             The jobholder will implement the group compliance policy by containing compliance risk in liaison with Global Head of Compliance, Global Compliance Officer, Area Compliance Officer or Local Compliance Officer. The term ‘compliance’ embraces all relevant financial services laws, rules and codes with which the business has to comply.

•             This will be achieved by adhering to all relevant processes/procedures and by liaising with compliance department about new business initiatives at the earliest opportunity. Also and when applicable, by ensuring adequate resources.

Local Job Requirements

• Budget & people. This is a stand-alone SME role which will support a large community of developers and technologists in the assigned Service Line within RBWM IT. It will secure applications leveraging the right tools and processes enabled by Cybersecurity. The indirect headcount supported would usually be larger than 150-200 staff.

• Relationships. Key relationships include ownership of the relationship with Cybersecurity and extend to peers across regions, other Service Lines including Digital and Security Function heads and generally up to 2 levels higher in the organisation, as well as audit, regulators and key government agencies and security forums. May also include external relationships with vendors, focusing on security support to the key engagement partner.

• Regulatory & Risk Management. Working closely with RBWM IT and Regional counterparts, build strong relationships with internal and external stakeholders (risk, audit, government agencies, industry forums etc) to understand the IT/Information Security risk profile, monitor compliance with policies and standards, and identify and address any regional or country specific requirements. 

• Strategic input. Providing influence and input to ensure alignment between Cybersecurity and Service Line/ Region and RBWM IT strategic outcomes and business goals.  Uses technical knowledge and experience to solve complex problems, and propose implementable solutions, to deliver ongoing improvements in line with business strategy.

Certifications, Qualifications & Experience

•             Good understanding of our businesses, regions and applicable laws and regulations

•             Good understanding of banking and security in context of wider industry trends and direction

•             Formal education and a degree in IT, Information Security, risk management or similar

•             6+ years of experience in Information Security roles

•             Familiarity with Information Security standards

•             Good project execution experience and analytical skills

•             Good communication and interpersonal skills with the ability to produce clear and concise reports and communications to internal and external stakeholders

•             Excellent stakeholder management skills with a proven ability to build and maintain strong relationships and communicate on complex issues with a wide spectrum of stakeholders.

•             Some programming experience, to be able to effectively apply a security overlay on the SDL.

•             Strong familiarity with and competence in application security tools across the spectrum of SAST, IAST, and DAST.

•             Strong familiarity with OWASP, NIST, and SANS guidelines on application-security.

•             Experience in supporting Agile and DevOps methodologies.

•             Experience in lifecycle management across the CI/ CD pipeline

•             Familiarity with security controls around evolving technologies such as cloud, mobile, social, open-banking, etc.

•             Good understanding of secure adoption of cloud and other evolving technologies.

•             Experience in supporting the secure design, review and monitoring of security controls for Cloud (e.g. GCP, AWS, etc.)
