Information Security Risk Specialist – Investment Bank recruitment
The Information Security Risk Specialist is a member of the Group Information Security Office (GISO) and works closely with the IB Divisional ISO in establishing the Information Security control framework within IB. This is done by identifying information security risks, acting as a subject matter expert in the field of information security, driving information security initiatives, and fostering the exchange of information with IB and within the GISO organization.
The primary responsibility of the Information Security Risk Specialist - IB is to act as the point of contact to the Divisional Information Security Officer for Investment Bank, reporting to the Group Information Security Officer.
- Supports IB DISO with the implementation of the operational risk framework and especially with operational risk assessment for Data Protection
- Ensures consistency of IB internal controls and operational risk assessments with ORC standards and agrees on control monitoring requirements (positive affirmation of effective performance)
- Understands IB business inherent risk exposure and risk appetite related to information security and follows up on central information security indicators
- Identifies the key information security risk scenarios impacting IB and supports the identification of the critical controls required within the business
- Assesses known information security weaknesses and the adequacy of associated remediation activities
- Builds close links with IB division teams in relation to Information Security risks and issues
- Supports the definition of the Information Security Framework for IB in alignment with Group Information Security Policy Framework
- Oversees the development of the information security framework and governance within IB, ensuring completeness of functional and geographical coverage
- Establishes and maintains strong links within the industry to ensure that Information Security related industry news and regulatory developments are embedded within the Framework and provides a view on future developments
- Supports the definition of Information Security training requirements and mechanisms to promote and instill a culture of Information Security risk management and awareness within IB
- Supports the analysis of root causes on information security risk events and, where deemed relevant, provides benchmarking analyses on events that occurred in the industry
As a member of the GISO organization, the Information Security Risk Specialist:
- Acts as an advisor and Subject Matter Expert for information security related risk assessments, incident analysis and strategic initiatives as well as in the development and introduction of relevant business initiatives
- Ensures steady information flow between ORC, IB, other DISOs and further information security stakeholders as well as within the GISO organization
- Facilitates and implements sustainable information security risk remediation programs
Requirements
- Substantial experience within the Financial Industry with a particular focus on Information Security relevant aspects
- Solid understanding of Investment Banking business and especially of control and business enabling functions (e.g. IT, Operations, etc.)
- Substantial experience in the analysis of Information Security Risk issues and their business impact
- Excellent problem solving and analytical skills
- Team player with the ability to work independently to organize, manage and complete projects within tight deadlines.
- Persuasive oral and effective written presentation skills
- Has a strong understanding of available resources and leverages them effectively
- Interacts well with all levels of employees within a global organization