Interim Cyber Security Manager (Fixed Term)

Description

Job Summary

Reporting to the Head of Operational Risk and working closely with the Head of Information Security, the role will support in managing the Bank’s Second line of Defence (2LOD) for cyber security, assuring compliance with the Bank's Information Security Policies and Standards and overseeing the effective implementation of security controls through engagement with the Bank’s cyber security operations team (1LOD).

Key Work Outputs and Accountability

• Supporting the management of the Bank’s Cyber Security function maintaining compliance with our NIST based cyber security framework.

• Responsible to Head of Operational Risk for Information Security RCSA framework, in particular regulatory compliance, and tolerated risk exposure.

• Act as Cyber Security expert within the Second Line of Defence (2LOD), providing advice and guidance to 1LOD on best practice cyber security and to business driven change activity

• Working with the Bank’s Enterprise Architect to ensure solutions are delivered in accordance with BACB’s IT Security policies and Standards.

• Ensure the Bank can effectively respond and recover from Cyber Security Incidents

• Working with the Head of Information Security on ways to defend the Bank from current cyber threat landscape, identifying emergent threats and recommending innovative controls and mitigations

• Work together with the 1LOD and provide evidence that IT Security operations are within risk tolerances (e.g., Evergreen IT, Patching, Vulnerability scanning and Pen Testing) (supported by a 2nd member of the 2LOD team)

• Oversee compliance with the Bank’s cyber security standards and policies liaising with CIO (1LOD) where responsibility spans Lines of Defence

• Maintain security performance metrics/ KPIs, recommending improvements where appropriate

• Effective use of specialist tools and logging to review the Bank’s cyber status and perform requested “deep dives” as necessary as well as define automated alerting mechanisms, ensuring that these alerts can be assessed and investigates independently by 1LOD and 2LOD

• Engaging with the CIO and the Head of Information Security to ensure that sufficient/ effective cyber defences are implemented, giving the Bank value for money for any procured Cyber Security solutions, including Cyber Risk Insurance

• Responsibility for the effective bank-wide cyber security training and awareness

Knowledge

• Educated to degree level (or equivalent), possessing at least one security accreditation (e.g., CISM or CISSP)

• Good working knowledge of cyber security standards (i.e. NIST, ISO 27001, Cyber Essentials, GDPR)

• Previous experience in the practical use and management of products such as Defender, Darktrace and Mimecast

• IT security management knowledge, skills, and experience

• Familiarity of firewall rulesets and the requirements for effective cyber defence

• Familiar with the Microsoft stack from Desktop products to server products to Azure

Experience (Essential)

• Working in Financial Services or another regulated market, such as aviation or energy

• Managing the delivery of an organization-wide information security related strategy

• Knowledgeable in common Data Leakage reasons and effective prevention

• Working with on premise, public and/or hybrid cloud environments

• Conducting security-based investigations, the management of such inquiries and liaison with external BACB engaged investigation parties

Skills

Proven ability to gain credibility with, persuade and influence operational managers, stakeholders and C-Suite. The role holder must be self-motivated, able to work on their own initiative and liaise effectively with professional staff and customers throughout the business.

Excellent oral and written communication skills.

Excellent time management skills with the ability to work under pressure to tight deadlines.

Excellent inter-personal skills, and with the gravitas to manage, coach and direct personnel at all levels within both the BACB business & external companies.

Ability to negotiate with external suppliers, in conjunction with Head of Procurement and CIO, to get best value for money for the Bank.

Able to work discretely and with sensitivity to ensure no staff or Bank reputational loss.