Head of Information Security Risk
Information Security operational risk
About Our Client
Leading Banking Group
- The Information Security Risk function is transforming, and this role is being created, in response to four main drivers:
  - Bank's realignment around Global Businesses and Global Functions
  - Deployment of the Lines of Defence Model
  - Need to become more efficient and standardized
  - Need to become intelligence led to effectively keep pace with ever increasing and sophisticated threats.
- Multi-dimensional services, from risk assessment to operated controls, executed in multiple regions and countries for Global Business, Global Functions and HTS.
- Needs to balance a diverse range of competing priorities, several of which will be time critical.
- Work across several disciplines including process development and technology.
The Successful Applicant
- Minimum of a Bachelor's degree and/or related experience in the Financial Services industry or global corporate service provider
- The role requires a good knowledge of Information Security Risk policies, standards and controls at senior level
- Possess good planning skills to allow effective planning of the work needed to undertake an assurance review, track progress against plan, and meet strict and challenging deadlines.
- Should possess good analytical skills to understand / undertake analysis and interpretation of information risk related data for the area under review and to analyse the responses and information supplied by the 1LoD Representative(s) during the review.
- Have the ability to assess the effective application of Information Security controls by the first line of defence.
- Have experience of dealing with senior management across Global Businesses and Functions.
- Understanding of risk management, electronic communication, information security risks and HSBC's risk / control frameworks or those of other Financial Institutions
- Ability to communicate effectively with technical and non-technical internal stakeholders
- Ability to work in a diverse, global environment
- Excellent written and oral communication, research, analytical and process engineering skills
- Flexibility in working arrangements, as the role is likely to require irregular working hours
- Able to explain information security risks clearly and in non-technical language to the business and how these apply to them.
- Have knowledge of ISR's role within the three lines of defence and the Operational Risk framework
- Able to assess the design effectiveness and operational effectiveness of information risk related controls in Risk & Control Assessments and Internal Control Monitoring Plans
- When required, be able to provide advice to areas that have been reviewed on how to address any identified information security weaknesses.
- Have an understanding of the Operational Risk framework, in particular RCAs, ICMPs and issue and incident management.
- Able to work effectively with other areas outside of Information Security Risk such as Audit and other second line of defence areas, especially Operational Risk.
- Proven experience of leading teams
What's on Offer
Competitive package on offer