Our client’s Digital Solutions (HDS) is an integrated global group of over 3500 technologists and commercial thinkers working across the globe. Our client is building digital solutions that will impact the lives of over 41 million customers worldwide. The work of the Digital teams includes developing new mobile apps and online experiences; using digital messaging to enhance customer relationships; building and improving the underlying technology and security platforms; and innovating propositions to compete effectively in a mobile, data-driven world. You will be part of a cross-functional team transforming our client’s digital capabilities: driving innovation, delivering products in ever-shortening cycles and helping to drive the continuous improvement of our client’s processes, tooling and engineering practices.
Build and lead global relationships for Cybersecurity (sitting within the wider IT organization) dedicated to a Service Line or Region within RBWM IT. As the embedded Cybersecurity owner for that Service Line or Region, promote the principles of secure development and ensure effective coverage for all Cybersecurity services.
The Team Leader – IT Security, hereafter called the Embedded SME for the designated Service Line(s)/ Region, is responsible for the following key activities:
• the relationship between the Service Line/ Region and Cybersecurity, reporting to the RBWM IT CISO with a dotted line into the Service Line Lead/ Regional CIO.
• specialist technical knowledge and experience to influence a strong SDL culture of ‘secure from start’ within the Service Line/ Region.
• the Information Security agenda within the Service Line/ Region, including driving business/functional stakeholder engagement to ensure delivery of the security programme and projects.
• and maintain strong relationships with the Regional Heads of the Service Line and of Cybersecurity to ensure optimum synergy and collaboration between them for embedding security.
• adoption of security tools, integrate them with the CI/CD pipeline, ensure they are fine-tuned to minimize false positives, and eventually enforce block-mode compliance in each build, unless there is an explicit business approved
• timely remediation of identified issues and vulnerabilities within the Service Line to ensure minimum exposure.
• the Service Line with respect to compliance with relevant security policies, standards and governance, including challenging the risk profile, appetite, incidents and control effectiveness, and driving improvement activities where required to ensure operation within appetite.
• as an escalation point for Information Security incidents/issues within the business, engaging with senior management and external regulators as required. Ensure appropriate remedial action is triggered by the root cause
• compliance with information security requirements by third-party service providers engaged by that Service Line.
• secure adoption of code repositories, cloud, mobile, social, open-banking and other evolving technologies.
• undertaking of foundational and language-specific training by the developers in the Service Line to keep their secure-coding skills sharp and relevant.
• ongoing cybersecurity awareness within the Service Line to strengthen the secure adoption of cloud and other evolving technologies.
• in supporting the secure design, review and monitoring of security controls for Cloud (e.g. GCP, AWS, etc.)
• with Architects, Project Teams and other stakeholders to help monitor and remediate any identified gaps in cloud security controls.
• to Service Line Lead/ Regional CIO for RBWM IT
• to the RBWM IT CISO
• Protect the Bank. Lead Security embedding within the assigned Service Line or Region, owning the relationship with Cybersecurity. Use technical expertise and experience to work collaboratively within the Service Line and Cybersecurity to develop implementable designs, solutions and operational plans that ensure compliant security is enforced. Lead and drive this change through effective communication, preparation and implementation.
• Driving sustainable growth. Drive efficiencies in the SDL of the Service Line through ‘secure from start’ development and minimal iterative issue remediation. Ensure that evolving technologies are embraced with appropriate mitigation controls and contingency planning.
• Achieving excellence. Catalyze a secure mindset in the developer community by encouraging appropriate training and providing ongoing guidance. Generate an environment in which innovation is supported by security in the working practices.
Customers / Stakeholders
• Customer focus. Lead a customer-centered culture, championing activities that encourage outstanding customer advocacy. Proactively seek opportunities to utilize strong Cybersecurity principles to improve availability and ensure privacy for customers.
• Strengthening stakeholder relationships. Enhance key relationships, using rapport-building expertise and appropriate influencing to add value beyond the initial scope and increase stakeholder advocacy. Maintain key relationships including technology and business heads across the Service Line/ Region and Cybersecurity, and external account managers for third-party suppliers and vendors, along with other counterparts across the globe.
• Understanding markets and customers. Cultivate strong relationships with organisationally important global and/or high-value stakeholders with a tailored approach.
• Deliver fair outcomes for our customers and ensure own conduct maintains the orderly and transparent operation of financial markets.
Leadership & Teamwork
• the development and communication of a clear vision for secure development and maintenance in the Service Line/ Region that is aligned to the overall client and RBWM vision, values and goals, and inspires and engages people to create an inclusive, high-performing, customer-centered culture.
• develop and motivate adoption of and compliance with the cybersecurity principles across the lifecycle in the PODs, XFTs, and Service Line being
• and encourage constructive teamwork within the PODs and XFTs by demonstrating collaboration and matrix management in action and taking prompt action to address any activities and behaviours that are not consistent with the client’s diversity policy and/or the best interests of the business and its customers.
Operational Effectiveness &
• the continuing development, implementation and improvement of the security processes, controls and capabilities needed to deliver agreed plans and targets. Collaborate with colleagues to maximise end-to-end integration and effectiveness, and maintain a robust and efficient control environment across the lifecycle to ensure good operational, financial and project management and compliance with client policy and procedures, together with early identification and effective resolution or escalation of issues that arise.
• the implementation and oversight of the Cyber Risk standards and governance frameworks, procedures and practices to ensure quality, effective risk management and regulatory compliance.
Management of Risk
The jobholder will ensure the fair treatment (service excellence) of our customers is at the heart of everything we do, both personally and as an organisation.
The jobholder will also continually reassess the Cybersecurity and operational risks associated with the role and inherent in the business, taking account of changing economic or market conditions, legal and regulatory requirements, operating procedures and practices, management restructurings, and the impact of new technology.
This will be achieved by ensuring all actions take account of the likelihood of operational risk occurring, and by addressing any areas of concern in conjunction with entity management and/or the appropriate department.
Observation of Internal
client internal control standards, including timely implementation of internal and external audit points together with any issues raised by external
The jobholder will also adhere to and be able to demonstrate adherence to internal controls. This will be achieved by adherence to all relevant procedures, keeping appropriate records and, where appropriate, by driving the timely implementation of internal and external audit points, including issues raised by external regulators, and internally identified Cybersecurity risks.
The jobholder will implement the group compliance policy by containing compliance risk in liaison with the Global Head of Compliance, Global Compliance Officer, Area Compliance Officer or Local Compliance Officer. The term ‘compliance’ embraces all relevant financial services laws, rules and codes with which the business has to comply.
This will be achieved by adhering to all relevant processes/procedures and by liaising with the compliance department about new business initiatives at the earliest opportunity, and, when applicable, by ensuring adequate resources.
Local Job Requirements
• Budget & people. This is a stand-alone SME role which will support a large community of developers and technologists in the assigned Service Line within RBWM IT. It will secure applications by leveraging the right tools and processes enabled by Cybersecurity. The indirect headcount supported would usually be larger than 150-200
• Relationships. Key relationships include ownership of the relationship with Cybersecurity and extend to peers across regions, other Service Lines including Digital and Security Function heads and generally up to 2 levels higher in the organisation, as well as audit, regulators and key government agencies and security forums. May also include external relationships with vendors, focusing on security support to the key
• Regulatory & Risk Management. Working closely with RBWM IT and Regional counterparts, build strong relationships with internal and external stakeholders (risk, audit, government agencies, industry forums etc.) to understand the IT/Information Security risk profile, monitor compliance with policies and standards, and identify and address any regional or country-specific requirements.
• Strategic input. Provide influence and input to ensure alignment between Cybersecurity, the Service Line/ Region and RBWM IT strategic outcomes and business goals. Use technical knowledge and experience to solve complex problems and propose implementable solutions, to deliver ongoing improvements in line with business strategy.
• understanding of our businesses, regions and applicable laws and regulations
• understanding of banking and security in the context of wider industry trends and
• Education and degree in IT, Information Security or risk management or similar
• years of experience in Information Security roles
• with Information Security standards
• project execution experience and analytical skills
• communication and interpersonal skills with the ability to produce clear and concise reports and communications to internal and external stakeholders
• stakeholder management skills with a proven ability to build and maintain strong relationships and communicate on complex issues with a wide spectrum of
• programming experience to be able to effectively apply a security overlay on the SDL.
• familiarity with and competence in application security tools across the spectrum of SAST, IAST and DAST.
• familiarity with OWASP, NIST and SANS guidelines on application security.
• in supporting Agile and DevOps methodologies.
• in lifecycle management across the CI/ CD pipeline
• with security controls around evolving technologies such as cloud, mobile, social, open-banking, etc.
• understanding of secure adoption of cloud and other evolving technologies.
• Experience in supporting the secure design, review and monitoring of security controls for Cloud (e.g. GCP, AWS, etc.)