Job Views:  
2455
Applications:  74
Recruiter Actions:  0

Posted in

IT & Systems

Job Code

685869

Assurance Director - Technical Control - Information & Cyber Security - BFS

Posted 5 years ago

The key objectives for this role are to effectively establish and execute technical assurance processes for ICS capabilities:

- During the system development lifecycle (via requirements, design and testing checks).

- In the BAU environment.

Key responsibilities include :

- Supporting Strategic Delivery and Risk Reduction

- Build effective relationships with leaders to facilitate:

  - The provision of timely, expert advice and assurance to influence the development and operation of ICS capabilities.

  - Partnerships with other functions to provide professional advice and assurance.

- Support stakeholders in defining remediation activities/solutions to address identified issues.

Providing Expert Assurance :

- Define and maintain an efficient technical assurance methodology which delivers risk focused, timely and re-performable assurance on key controls, to support and maintain ICS risk reduction.

- Define and maintain an assurance plan based on continuous risk assessment. This plan will be agile and focused on both current and emerging risks; regularly re-assess and update it as the ICS risk profile of the businesses changes.

- Independently assess ICS capabilities during the development lifecycle, including requirements, design and testing, and in BAU, to determine whether they deliver compliance with ICS standards and achieve the intended risk reduction outcomes.

- Ensure assurance and approval is fully integrated and planned; commission or deliver impartial reviews to provide stakeholders with confidence in the achievement of their intended outcomes and compliance with standards.

- Support stakeholders in defining remediation actions / solutions to address identified findings from technical assurance reviews.

- Validate that the completed remediation activities address the risk in the identified assurance findings

Act as an advocate of good practice and "critical friend" to support the "Global Head Operations - Cyber, Data, Privacy and Automation", ICSTRP AE, Chief Information Security Office, and Global Head of Security Technology Services in achieving and maintaining ICS risk reduction outcomes.

Developing Capability and Supporting Success :

- Facilitate the learning from previous ICS experience by identifying and communicating transferable lessons, helping to embed these lessons, and encouraging best practice.

Risk Management :

- Support liaison with Group Internal Audit and any regulatory inspections as required.

- Provide assurance that the delivery and operation of ICS capabilities is in line with the ICS Policy and underlying technical standards.

- Assist in identifying, assessing, monitoring, controlling and mitigating ICS risks to the Group.

- Adopt an anticipatory approach to risk assessment through stakeholder engagement and monitoring of the external environment to improve assurance planning.

- Work with other control assurance teams to drive efficiency, effectiveness and reduce duplication.

Business, Functions and Regions :

- Provide robust challenge and escalation to senior management and all relevant business/function/region stakeholders to ensure activities achieve and maintain ICS risk reduction.

- Maintain strong stakeholder engagement with BISOs, Chief Information Security Office, Technology Services MT, T&I MT, Risk & Compliance, and Group Internal Audit and COOs to ensure alignment across stakeholder groups

Governance :

- Provide timely and accurate reporting to appropriate committees

- Ensure appropriate oversight and facilitate resolution of high impact risk and issues

Processes and Alignment :

- Drive the continuous improvement of the technical assurance methodology and ICS Risk Type Framework by ensuring alignment between the two frameworks and that lessons on key controls and control tests are continually shared.

Leadership, People and Talent :

- Provide proactive self-orienting and self-motivating leadership, and work with limited direction

- Provide strong leadership, management and coaching

- Lead through example and build the appropriate culture and values. Set appropriate tone and expectations, and work in collaboration with risk and control partners.

Communication :

- Regularly share lessons learnt and best practice in a timely manner across ICSTRP, BISOs, CISO, STS and the businesses/functions

Regulatory and Business Conduct :

- Display exemplary conduct and live by the Group's Values, Valued Behaviours, and Code of Conduct

- Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across the Bank.

- Effectively and collaboratively identify, escalate, mitigate, and resolve risk, conduct and compliance matters.

Key Stakeholders :

- Global Head Operations - Cyber, Data, Privacy and Automation

- Accountable Executive, ICS TRP

- Head of Investment Delivery Assurance, ICS TRP

Chief Operating Officers :

- Security Technology Services MT

- Technology Services MT

- Global Head Governance & Change, CIO

- Chief Information Security Office

- Head, Operational Risk Information Security

- Group Operational Risk

- Head, Audit - Information Security & Cyber
