A leading Financial Services Institution is looking to bring on board a Cyber Risk Consultant to be responsible for maintaining high-level Cyber Risk policy and embedding regulatory and industry good practice.
The key responsibilities in this role will be:
- To develop and maintain high-level Cyber Risk policy, embedding relevant regulatory and industry good practice requirements
- To manage the risk appetite statements for technology and digital risks in relation to cyber and provide reporting to the Risk committee of performance against these statements
- To oversee and guide cyber risk mitigation projects and controls improvement/initiatives
- To assess the effectiveness of processes and internal controls implemented by the first line and infrastructure functions through a programme of sampling to evaluate their quality and associated documentation, and feedback for action
- To participate in cyber incident response planning, testing, and execution when invoked to support a real incident
- To participate in the annual programme of deep dive and thematic reviews, where these relate to cyber and understand the lessons learnt
- To assess first line processes and technical analysis of cyber security events and root cause as well as remedial solutions, and provide a second line view on their effectiveness
- To provide advice and guidance on compliance with regulatory requirements that relate to cyber risk
The ideal candidate will have:
- Experience of delivering Deep dive reviews and control assessments
- Experience of analysing and interpreting complex rules and regulations and applying such knowledge to provide solutions to business problems and issues
- Experience of guiding the response to Cyber attacks and other security incidents
- Experience challenging the business's (including IT) cyber direction
- Experience in communicating the practical impact of regulatory obligations
- Knowledge of financial services regulatory and legislative frameworks
- Knowledge of Cyber incident response
- Knowledge of key security technologies
- Knowledge of protection methods for online customer transactions
- Knowledge of Prudential products, systems and distribution methods
- Knowledge of risk frameworks and their oversight
- Knowledge of life and pensions products, markets, and competitors
- Knowledge of cyber (including Information security) risk and controls including strategy and external threats
- Knowledge of the Statements of Principle and Code of Practice
If you are interested in this role please apply below or contact me for more information.
Eames Consulting is acting as an Employment Agency in relation to this vacancy.