Job Description

An Information Security Risk Manager role has arisen within a Tier 1 investment bank based in London. This bank is a sought-after employer due to its strong reputation and excellent career progression opportunities.

Reporting to the regional CIOs and working alongside technology risk managers, the Information Security Risk Manager will be responsible for ensuring appropriate visibility of the information security risk posture of the business line under their remit and challenging stakeholders on any risk appetite breaches.

Key duties are as follows:

  • Liaise with CIOs to understand the current risk landscape, and to follow up on any respective risk management / mitigation
  • Maintain ongoing visibility of key IT initiatives and help to prioritise Info Sec Risk oversight according to risk
  • Increase the understanding of information risks within the IT functions by explaining these in business terms and helping them to ensure that these are kept within their risk appetite by recommending mitigating actions
  • Maintain oversight of information and cyber security risks owned by Technology functions by reviewing RCAs, MSIIs, Internal Audit findings, BRCM reviews and any other ISR related KRIs to establish risk themes and provide advice on remediation
  • Provide risk opinion and guidance to IT functions on dispensation requests.
  • Manage and maintain close oversight of all information and cyber security related incidents with a view to providing assurance that risks and impacts have been handled effectively and lessons learnt accordingly
  • Support the IT functions as both risk and control owners in the RCA process, and guide IT in the use of the ISR Risk and Control Library to ensure relevant information security risks and controls are included in the RCA.
  • Provide 2LoD visibility on current threats and mitigation, intelligence, cyber security incident management
  • Establish and lead Information and Cyber Security Risk governance over IT, and represent ISR on key risk management committees
  • Build extensive and deep relationships with key risk and control owner stakeholders
  • Regularly engage support functions complementary to information and cyber risk stewardship - including Operational Risk, IT Audit, Legal, and Compliance.
  • Work with external auditors and regulators as required.
  • Establish information risk visibility to major change programmes. Prioritise to meet limitations of resourcing.

The ideal candidate will match the following description:

  • Have extensive and demonstrable information and cyber security risk and operational risk knowledge and experience, particularly operating in a Second Line of Defence role

  • Have gravitas that will be obvious to all parts of the business, which will enable them to face off to senior SR managers, including CIO stakeholders, in order to win their confidence and help influence their decisions

  • Knowledge of how major areas of a Global Bank, particularly commercial and investment banking

  • Have excellent communication skills - both verbal and written - to be able to build relationships and influence key internal & external stakeholders

  • A change agent who is not afraid to change the status quo in order to drive Group strategy

  • Experience in dealing with complex matters by adopting a pragmatic approach, identifying core requirements from both a security and a business perspective and translating them into simplified activities that address the problem

  • Significant experience in Information Security Risk management processes

  • Relevant professional security qualifications, such as CISSP, CISM and CRISC, are preferable

  • Strong technical skills across databases, platforms, networking, Internet, messaging, business applications

  • Strong analytical skills (including the use of Microsoft Excel)

  • Business fluency in English

If you are interested in this role, please apply below or contact me for more information.

Eames Consulting is acting as an Employment Agency in relation to this vacancy.