Main Responsibilities & Accountabilities:
Perform Current-State Analysis:
- Assess the Bank’s existing information security (IS) control environment (considering all aspects of technology IS, data assets, and cyber risks and resilience controls).
- Identify the current controls aligned to these risks and highlight potential control gaps.
- Develop a strategy for enhancement to manage those risks in line with the Bank’s agreed risk appetite.
Governance Framework:
- Design and maintain a governance framework to capture strong cyber resilience, information security, data security, and data protection.
Supervisory Oversight:
- Provide Bank-wide supervisory oversight, management reporting, and policy for the existing IS, data, and cyber control framework.
- Support delivery of activities identified in the annual Compliance Monitoring Plan, such as:
  - COBS - Record Keeping & Document Retention Bank-wide supervisory oversight.
  - Annual Business Outsourcing reviews.
  - Regulatory reporting such as the REP018 and REP020 Quarterly returns.
- Maintain policies for existing IS, data, and cyber control frameworks.
- Conduct compliance email phishing exercises and data exfiltration reviews.
Compliance & Risk Monitoring:
- Undertake ongoing monitoring of key data and IS risks.
- Develop and deliver staff and stakeholder training on data protection/privacy regulatory requirements and cyber security.
- Enhance management reporting information (KRI/KPIs), present performance status, and escalate issues to Senior Management where necessary.
- Build a profile of the Bank’s cyber threats and associated controls and provide Management with recommendations to enhance key cyber controls.
Deputy Data Protection Officer Role:
- Fulfill the Deputy Data Protection Officer role in line with the requirements of current and incoming Data Protection Regulations (GDPR).
- Assess the effectiveness of current ICBC data and records management controls and develop enhancement action plans where these may be required.
Operational Resilience:
- Provide advice and ongoing oversight on Operational Resilience, aligning the Bank’s practices with regulator expectations.
Skills Required:
- Compliance background with proven ability to develop and publish business-standard policy, procedures, assessment reports, action plans, and similar documentation.
- Practical experience in a senior role in a Retail, Wholesale, or Capital Markets financial services organization with responsibility for Data Protection, Data Governance, and/or Information Security.
- Good working knowledge of current and changing cyber threats and mitigating control strategies with demonstrable experience of working with or advising on a cyber control activity or change project.
- Practical understanding of key aspects of UK data and information protection regulations (GDPR) and best practices.
- Excellent communication skills to ensure risk and control understanding is embedded throughout the business.
- Familiarity with cross-border aspects of current and incoming UK and European data and information security regulations.
- Strong interpersonal and presentation skills, providing one-to-one, structured training, and management reporting to staff at all levels of the Bank.
Application:
To apply, please submit your resume through this job posting.