About the role
The specialist will work under the responsibility of the Head of IS Services and Risk Management and will report to the Secure Project Lifecycle Team Lead. The responsibilities of the role will include the following:
- Review submission of IS Criticality Assessment (ISCA) questionnaire
- Determine high-level security requirements and project criticality, based on standard project activities and data classification from DP pre-screening
- Work with assigned architect to ensure security requirements are finalized in design (High-Level Design), review with Enterprise Architecture, Solutions Architecture, Cyber Security and Cyber Assurance
- Review of all security requirements and evidence provided by the scrum master to support closure of each requirement:
- Review and feedback on ISCA questionnaire
- Review and feedback on High-Level Design (HLD)
- Present at ISCA Project Technical Review
- Attend and obtain HLD sign-off at Technical Design Authority, Solutions Design Authority (SDA)
- Obtain Business Partner Risk Evaluation Platform (BPREP) scorecard for 3 rd Party SaaS solutions from Security Contracts team
- Obtain Identity & Access Management (IAM) assessment signoff from IAM Team.
- Obtain Minimum Technical Security Baseline compliance reporting from QualysGuard
- Obtain Cloud Permit from Enterprise Architecture
- Obtain Code Review and Analysis - in-house solutions only.
- Self-serve vulnerability assessment compliance report of assets in scope
- Liaise with Cyber Assurance on penetration testing of solution and obtain sign-off
- Obtain Digital Hub registration for external facing solutions from Cyber Assurance
- Produce ASRM Security Assessment closure report
- Perform a final review of all open security requirements and their status before any stage gate approval can be provided (effectively the Production Go/No-go decision). Ensure the firm ASRM processes are followed
- Store all evidence in IS project's shared area
- Update the project register daily to ensure project status is maintained and update the ASRM Security Assessment template as a record of activity. Submit ASRM form for sign off to complete the risk assessment
- Manage project RAG status ensuring activities trending amber and red are highlighted to management and the scrum master
- Liaise with the scrum master to support the development of the risk acceptance (PM is responsible) where needed
- Attend meetings with the scrum master, delivery squads, stakeholders, ISCA technical review, architectural design authorities and pen testing reviews. Challenge design decisions not compliant with security, escalate issues when they become known, and offer options to resolve
As an ideal candidate, you will have an industry certification such as CISSP/CISM/CRISC and have expert knowledge of project-based Information Security. You will also have a proven track record of delivery in a similar role. Experience in financial services is highly advantageous.