Senior Data Governance Risk Manager

Main Responsibilities & Accountabilities:

Perform Current-State Analysis:

• Assess the Bank’s existing information security (IS) control environment (considering all aspects of technology IS, data assets, and cyber risks and resilience controls).
• Identify the current controls aligned to these risks and highlight potential control gaps.
• Develop a strategy for enhancement to manage those risks in line with the Bank’s agreed risk appetite.

Governance Framework:

• Design and maintain a governance framework to capture strong cyber resilience, information security, data security, and data protection.

Supervisory Oversight:

• Provide Bank-wide supervisory oversight, management reporting, and policy for the existing IS, data, and cyber control framework.
• Support delivery of activities identified in the annual Compliance Monitoring Plan, such as:
• COBS - Record Keeping & Document Retention Bank-wide supervisory oversight.
• Annual Business Outsourcing reviews.
• Regulatory reporting such as the REP018 and REP020 Quarterly returns.
• Maintain policies for existing IS, data, and cyber control frameworks.
• Conduct compliance email phishing exercises and data exfiltration reviews.

Compliance & Risk Monitoring:

• Undertake ongoing monitoring of key data and IS risks.
• Develop and deliver staff and stakeholder training on data protection/privacy regulatory requirements and cyber security.
• Enhance management reporting information (KRI/KPIs), present performance status, and escalate issues to Senior Management where necessary.
• Build a profile of the Bank’s cyber threats and associated controls and provide Management with recommendations to enhance key cyber controls.

Deputy Data Protection Officer Role:

• Fulfill the Deputy Data Protection Officer role in line with the requirements of current and incoming Data Protection Regulations (GDPR).
• Assess the effectiveness of current ICBC data and records management controls and develop enhancement action plans where these may be required.

Operational Resilience:

• Provide advice and ongoing oversight on Operational Resilience, aligning the Bank’s practices with regulator expectations.

Skills Required:

• Compliance background with proven ability to develop and publish business-standard policy, procedures, assessment reports, action plans, and similar documentation.
• Practical experience in a senior role in a Retail, Wholesale, or Capital Markets financial services organization with responsibility for Data Protection, Data Governance, and/or Information Security.
• Good working knowledge of current and changing cyber threats and mitigating control strategies with demonstrable experience of working with or advising on a cyber control activity or change project.
• Practical understanding of key aspects of UK data and information protection regulations (GDPR) and best practices.
• Excellent communication skills to ensure risk and control understanding is embedded throughout the business.
• Familiarity with cross-border aspects of current and incoming UK and European data and information security regulations.
• Strong interpersonal and presentation skills, providing one-to-one, structured training, and management reporting to staff at all levels of the Bank.

Application:

To apply, please submit your resume through this job posting.