Security Architecture and Assurance Manager
|Job Type||Permanent Full Time|
|Area||London, United Kingdom|
|Job Ref||CXE 561|
- The Security Consulting Manager is responsible for ensuring organisational assets are secured appropriately based on their importance to the organisation. This is a management role and as a result the role holder is responsible for the management of a team of specialists who also carry out the below functions.
- To provide advice and guidance on how to minimise the impact to the Bank of potential threats to the network or assets
- To liaise with potential or current partners and suppliers to the Bank and evaluate the information security levels of the company or products.
- As required assist and provide guidance to the ServiceDesk and Infrastructure engineers in the event of a Security alert.
- As required investigate the vulnerability of the Bank to potential malicious attacks and recommend defensive actions.
POLICY, STANDARDS, PROCEDURES AND GUIDLINES
- To ensure that information security policies are implemented, enforced, monitored and complied with and to ensure the Bank embraces a culture of Information Security.
- To develop and ensure data security procedures are approved that provide the more detailed steps that service areas need to adhere to in order to implement that data security policies.
- To work with Infrastructure Solution Architects and advice on all Information Security Risks with regards to infrastructure, changes to processes or software implementations. To critique the high and low level designs within projects. Working on all such projects throughout their lifecycle to ensure the Bank meets compliance and regulatory requirements.
- To ensure that regular risk assessments are completed in departments and the results are recorded.
- To assist in taking timely action resulting from any risk assessment recommendations. This may involve liaison with other departments, partners or suppliers. It is essential to keep the IT Security department informed if there are any issues of non-compliance.
KEEP ABREAST OF DATA SECURITY TRENDS
- Be aware of current and possible future trends in information security and take into account current Bank procedures, to define and develop procedures and policies for appropriate and secure use of the Bank’s IT systems.
- Adherence to standards, including ISO27001 and Information Technology, PCI-DSS and Infrastructure Library (ITIL)
APPLICATION OF KNOWLEDGE, PROBLEM SOLVING & INNOVATION
The role holder must apply knowledge of industry best practices including NIST, PCI DSS, ISO27001 and any other applicable standards to ensure organisational assets are protected appropriately. In order to do this they must embed themselves into project and change teams to ensure all decisions relating to solution design or adaptation does not impact the security posture of the organisation.
The role holder must ensure that problems are approached in a pragmatic and risk focussed manner. Problems could be technically complex and require research and exploration of various possible solutions. The Information Security specialist will consult with design teams to ensure security requirements are delivered alongside functional requirements.
An example of a complex problem could be that due to legacy issues, encryption is not possible. The Specialist must therefore explore all possible other solutions to reduce the likelihood of a data confidentiality breach such as access control, isolation, auditing and so on.
The communication requirements of this role are varied and can include the below:
Internal project sponsors across the business and IT.
ExCo members regarding day to day security expectations(Awareness).
Third party vendors and security consultancies and penetration testing partners.
Third party suppliers as part of 3rd party risk management/solution review.
The role holder is responsible for fostering a knowledge sharing environment across the team supporting other team members with peer reviews as well as technical support on new/weaker subject matter.
They will be required to ensure information security strategy is supported and where appropriate implemented. The delivery of this strategy will support the organisation’s strategy and ensure that we put our customers first by protecting their information. They are also required to support the organisation’s objectives around efficiency of spend, particularly in relation to new products/solutions.