Provide oversight and challenge of first line IT activities to ensure the bank remains compliant with regulator standards and industry expectations for Information and Cyber Security. Key Responsibilities To review the information security policies and accompanying standards, procedures and guidance to ensure they meet regulatory requirements, industry expectations and alignment to ISO 27001. Provide oversight to ensure security by design is integrated into technology standards and project deliverables. Perform reviews of services and locations to ensure risks and control requirements are understood and managed within risk appetite. Review and provide challenge to enure the Information Security Risk Management framework is complete and risks are approriateyly documented, managed or mitigated. To develop and deliver a programme of planned compliance reviews and ensure any improvements are identified, reported and addressed. To promote security awareness by developing and implementing a security awareness and training programme. To provide operational reporting of Information and Cyber Security key performance and risk indicators for the Information Security Group (ISG). Co-ordinate risk management and compliance actitivites within the ISG. Represent the second line Risk function on projects where there is significant IT, information and cyber risk. Key Interfaces IT Team Key stakeholders and Senior Management All business areas across the Group 3rd party suppliers Person Specification Knowledge & Experience
• Broad knowledge of Information and Cyber Security
• Financial Services background desirable
• Working with PCI DSS and ISO 27001 standards
• Analytical and problem solving skills
• Highly computer literate; with strong Business Analysis skills Communication Skills Excellent communication skills both written and verbal with colleagues, providers and senior management. Core Competencies Problem Solving & Judgment Customer Focus Planning & Reviewing Performance Focus Expert Knowledge Communication & Confidence