Working within the Global Information Security (GISO) team, this role supports both the regional and global teams with the provision and analysis of quality information security data obtained through risk and control assessments provided by IT partners, third party suppliers and Business Units across the Company. The role will be responsible for the oversight of junior staff in the execution of the security and risk services, spanning vendor risk management, client compliance, regulatory compliance, and internal company security compliance. In conjunction, the role works to provide support and assurance to the GISO, the GTS Leadership Team (LT), clients and the wider business.
- Lead a team of staff in providing security and risk services across the company with set deadlines and timelines.
- With a good understanding of international security-specific standards and relevant industry regulations (ISO 27001, PCI, GDPR, etc.), assist in the completion of information security risk and control assessments across the Company, in line with the Information Security Risk Assessment Process & Procedure, and compile simple, meaningful reports and metrics that enable the business to understand and limit the information security risks which the Group and regions face.
- Have a good working knowledge of information security controls and testing methodologies.
- Utilizing existing knowledge of security threats, assess information security risks and confirm the adequacy of information security against management requirements.
- Create and maintain strong, influencing relationships with all major business stakeholders and IT colleagues; assist them in mitigating risks, in line with the information security risk management framework.
- Provide support in vendor (third party) risk assessments, including the delivery of quality inputs/outputs for the meetings and the subsequent follow-up on agreed actions and remediation.
- Develop standard responses for client security questionnaires, particularly those based on the Shared Assessments methodology, for use in building a scalable response process.
- Collaborate with Service Line organizations in responding to client security questionnaires, using standard answers where possible, and participating in client security audits.
- Support the continuing embedding of the Information Security Risk Framework and processes.
- Support the Information Security Risk Leads in preparing and delivering their BAU programme of work and ad-hoc reporting requirements for the Leadership Team.
- Lead or participate in various security, risk management, and other initiatives.
- Provide support to strategic IT initiatives, programs, and projects, including client-facing programs, to ensure the correct identification and mitigation of IT risks and the incorporation of commercially useful security and privacy measures.
- Ensure information security governance and processes align to wider programme information security processes and operate effectively.
- Ensure information security risks reported to the Business and SLT are timely and appropriate, driving actions and tracking improvement across the function.