Chief Information Security Officer-2400005109

Role Responsibilities 

Strategy

• Identify and independently drive strategic change initiatives to deliver on the ICS agenda with a forward-looking view.
• Develop insightful strategies for engaging business on information security matters, ensure investments are prioritised and funding is approved.
• Support delivery of the Bank’s enterprise wide risk management plan and strategy.
• Work with application development organisations to assist in the development of strategies and plans for improving both Architecture and application security.

Business

• Ensure ICS risks in the respective market are proactively managed and effectively controlled, mitigated and remediated with senior stakeholder’s support and buy-in, in line with Group, Region, Country, Business/Function risk appetite and regulatory driven requirements.
• Assist in establishing priorities in partnership with the C-level Management and take responsibility for resolving security issues.
• Ensure that the management of ICS risk is effective and operating efficiently in the respective business / function / region
• Assist in driving security culture/awareness and help improve readiness for a cyber event.
• Ensure information risks are identified, assessed, mitigated and controlled.
• Ensure Critical Information Assets are identified and graded appropriately.  Monitor changes in the risk profile of the highly critical systems.
• Work with IT to validate the resilience of data and IT systems.
• Support Group initiatives ensuring the respective business / function / region needs are represented effectively.
• Face off to the ICS subject matter experts in Group Business lines.

Processes

• Drive the continuous improvement of practices.
• Drive the implementation of the ICS agenda for the respective business / function / region by working with the respective Business/Function Heads, Region / Country Management Team, C-level Management /CIO teams, ISOs and senior ICS leadership.
• Manage ICS risk remediation initiatives and activities including incident responses, crisis exercises, risk assessments, stress testing, regulator engagement.
• Drive the implementation of the ICS RTF in in the respective business / function / region with a focus on key countries. The plan will incorporate digital footprint discovery, threat/risk assessment, definition and implementation of controls as guided by the ICS RTF.

People & Talent

• Maintain strong stakeholder engagement and serve as the business-facing lead with Group, Regional and Country IT, Business/Function, C-level Management, ISOs, Risk & Control stakeholders to bring alignment across stakeholder groups in conjunction with ICS risk management.
• Collaborate with Corporate Communications, threat intelligence and other functions to lead and coordinate the information security change management effort around branding, communications, staff awareness and training.
• Maintain relationships with key service and product owners within Security Technology Services / Cyber Security Services to keep abreast of changes that may affect ICS’s risk landscape.
• Help to interpret and translate the ICS requirements of the ICS programmes into technical requirements when needed.
• Engage external agencies / third parties to understand the threat environment and reported events; assess impact for the respective business / function / region.

Risk Management

• Drive compliance with Group policies standards, and local regulatory requirements.
• Work closely with CISRO, Regional ISO, Country ISO, Head of ICS Governance, TISO, Business and C-level Management to provide oversight, governance and monitoring, and work with various delivery owners to embed the ICS RTF.
• Understand and assess the impact of changes in the policy or procedures on the respective business / function / region and engage with the respective business / function / region Heads to ensure the impact is understood.
• Recommend additions/enhancements/changes to the ICS policy, procedures, and RTF.

Governance

• Monitor ICS risk profile and posture and report any non-compliance to senior management or governance committees.
• Participate and represent the respective business / function / region in Risk Committees, ICS working groups, Programme Steer Cos etc. to provide updates and influence positive outcomes for the Business/Function/Region/Country.
• Validate the accuracy and consistency of KRIs, KCIs and other risk ratings/assessments, as well as process designs using available MI.
• Support the Third-Party Security Assessment team during 3rd party reviews.
• Help design and embed ICS RTF controls in ORF across the respective business / function / region

Regulatory & Business Conduct

• Display exemplary conduct and live by the Group's Values, Valued Behaviours, and Code of Conduct
• Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across the Bank.
• Effectively and collaboratively identify, escalate, mitigate, and resolve risk, conduct and compliance matters.

Key stakeholders

• CISO, WRB and Markets
• Region CISO
• Market C-level Management and CIO
• ICS Control owners

Our Ideal Candidate

• Education - Degree in Engineering, Computer Science/Information Technology or its equivalent.
• Training
  • Strong knowledge of ICS products and operations will be preferred.
  • Ability to articulate gross and residual risk with specific ability to communicate complex technology and process risk clearly, concisely and accurately to non-technical stakeholders in a lucid way.
  • Strong interpersonal and stakeholder management skills, across various levels in the organization including senior leadership teams, in influencing key decisions taken in the business and in support teams.
  • Strong communication skills – oral, written and presentation. Sound knowledge of MS-Excel, PPT, and Word.
  • Must be a self-starter who is able to initiate and successfully drive programs and projects to completion with little or no management supervision.
  • Strong analytical skills and ability to prioritise, make decisions, and work to tight timeframes.
  • Strong business acumen and deep knowledge and experience in the ICS field.
  • Proven ability to lead highly complex, global activities through influence and credibility rather than command and control.
  • Ability to both assess strategic priorities and to focus on detailed aspects of a function in order to drive effective delivery.
  • Strong integrity, independence, and resilience.
• Certifications
  • One or more of the following certifications will be preferred:
  • Certified Information Security Manager (CISM)
  • Certified Information Systems Sec