Location City of London (full time)
Consultant David Hitchings
Date posted 06 September 2019
While primary responsibility for ensuring the firm has appropriate processes and governance to manage resilience resides in the first-line-of-defence, the second-line-of-defence has responsibility for independent oversight of these arrangements. Reporting to the Head of Operational Risk Management, the role holder is responsible for providing this second-line oversight.
Working with first-line control functions across the firm, the role holder is responsible for ensuring independent assessment of the firm’s framework and arrangements for managing operational resilience and that appropriate measures are in place to meet regulatory obligations. This includes the following:
- Information Technology risk, including cyber risk and information security;
- Suitability and readiness of Business Continuity arrangements;
- Third-party risk management (“TPRM”);
- End-user computing; and
- Data control.
Oversight includes, inter alia, ensuring that:
- Critical business services have been identified;
- Risks and threats are identified, appropriately understood, assessed, and monitored;
- Tolerance is clearly defined and agreed;
- Appropriate procedures are in place, and tested, to withstand, absorb and recover from critical incidents;
- Appropriate governance arrangements are in place to monitor the effectiveness of the firm’s arrangements; and
- Appropriate policies are in place in both first and second lines of defence.
- Experience within a technology and/or information security risk role or similar, such as IT audit.
- Experience implementing and/or managing control frameworks in relation to technology, information security or cyber security risk.
- Experience of technology risk management, mitigation and reporting.
- Track record of delivering change.
- Experience in an Investment Bank.
- Experience of third-party risk management.
- Experience of Penetration Testing.
- Experience of Business Continuity management, including planning, testing and execution.
- Experience of managing security and major incident events, including escalation, mitigation and reporting.
- Experience of IT change management.
- Presentation up to Executive & Board level.
- Experience producing and reviewing policies.
- Detailed understanding of the current information security threat landscape.
- Strong risk and control mind-set.
- Commercial acumen.
- Ability to translate technical details into business language for a non-technical audience.
- Strong written and verbal presentation skills.
- Proactive, analytical, committed, energetic, tenacious, can-do attitude.
- Knowledge of investment banking products.
- Familiarity with information security standards and frameworks such as CBEST, COBIT.
- Root cause analysis.
- Preparation and review of policies.
If interested please do get in touch ASAP!