Connecting...

W1siziisinrozw1lx2fzc2v0cy9id2qtc2vhcmnolwfuzc1zzwxly3rpb24vanbnl2jhbm5lci1kzwzhdwx0lmpwzyjdxq

Lead Information Risk Speci...

Lead Information Risk Specialist - Technology Infrastructure

Job Title: Lead Information Risk Specialist - Technology Infrastructure
Contract Type: Permanent
Location: London
Industry:
Salary: £65000 - £75000 per annum, Benefits: Excellent pension, holiday and discretionary bonus
Start Date: Dependant on process length and notice period
Reference: AHIRMS
Contact Name: Alex Hamilton
Contact Email: alexander.hamilton@bwd-search.co.uk
Job Published: December 14, 2016 16:57

Job Description

A global banking organisation is seeking a vice president level information risk management specialist. 

Job Purpose

This role is part of the Infrastructure team, which falls under the global Technology team, covering:
  • Network Security Assessments
  • Application security assessments
  • Service provider management
  • Mergers and acquisition (due diligence and subsequent integration risk assessment)
  • Information risk
 The UK team have primary responsibility for infrastructure security assessments and network security assessments in the EMEA region. Support is also provided to teams in other regions. 


Responsibilities

This is a ‘hands off’ role – the successful candidate will have no responsibility for operational delivery. IT and others carry out changes such as adding users, installing or configuring applications, etc. under the supervision and instruction of the technology risk management team where relevant.

To ensure the integrity and reliability of company data and systems, through appropriate technology risk assessment. This includes involvement in business and IT projects to ensure that appropriate controls are built in from the earliest stages. The responsibilities of the team include:
  • Assessments of tech infrastructure and network security
  • Consultancy requests
  • Firewall/URL change request approval
  • Firewall policy, rule usage compliance and reviews
  • Providing security consultation to the EMEA/Asia Pac businesses
  • Technology infrastructure assessments for new, changed and existing systems
  • Working with operational, support and technical teams to identify security issues and agree corresponding actions
  • Works with the business to request a policy exception were mitigation is unsuitable
  • Tracks issues and agreed actions to completion, escalating issues where necessary.
  • Consultancy on business projects
  • Assess URL access requests with a view to approval
  • Ad-hoc requests for support/guidance
 
Requirements

Whilst ‘hands-off’, a level of technical knowledge is required to assess what is required, possible and achievable in technical areas. 

Essential

The successful candidate must have:

 Strong experience in a Technology Risk, Information Security or an IT Audit role;
  • CISSP or other relevant professional qualification such as CISM;
  • A thorough understanding and hands on experience of risk assessment approaches and methodologies;
  • A good understanding of standard network infrastructure including VPNs, firewalls, switches, routers and LANs
  • Experience of formal document creation;
  • Experience of carrying out risk reviews and technology audits;
  • Thorough understanding of the ISO 27000 series of standards and guidelines; 
  • Knowledge or practical experience of one or more of the following products:
  • Knowledge or practical experience of one or more of the following products:
    • Archer Technologies SmartSuite Framework.
    • Algosec Firewall Analysis Tool
    • Tufin Operations Management
  • Juniper/Checkpoint/CISCO firewall management
  • URL Filtering products
 Key Skill and Attributes:
  • A keen eye for an opportunity to improve existing process and take the initiative to promote such an enhancement.
  • Must take accountability for their actions and be open and honest when things have gone wrong, and celebrate successes when things have gone well.
  • Able to co-operate and work well with others adopting an approachable style – Important as the team works closely with a large and diverse set of suppliers and customers.
  • Must be rigorous and thorough – especially when logging and tracking issues through to conclusion
  • Candidate must be able to manage their own workload and run several tasks concurrently so as to meet the realistic targets and priorities set in conjunction with management.
  • Demonstrate a high-level of commitment and self-motivation, combined with enthusiasm and a genuine interest in the role of Risk Assessment in business.
  • Demonstrates a calm professional approach, with a good understanding of time constraints and the need to escalate/inform departmental management as appropriate.
  • Understands their own shortfalls and knowledge gaps. Not afraid to acknowledge a gap and work on strategies to address them.
  • Adapts personal approach to suit situations, individuals, groups and cultures. Is flexible in relation to getting the job done.
  • Ability to adapt quickly to changes in the organisation and job responsibilities with a positive attitude.
  • Must be able to see the customer perspective, i.e. from a business point of view, the most secure solution is not always workable or realistic considering costs and benefits.
  • Able to express clearly and fluently, both orally and in writing. Considers the audience, avoiding technical jargon wherever necessary and appropriate.
  • Documentation must be professional, well-structured and presented and require the minimum management review and revision. This is especially important.
  • Good at listening and analysing a situation or the information provided.
  • Works well with others or individually. Supports the development of the team as a whole, places team before personal interests.
  • Shows respect for others and recognises their concerns and interests.
 To apply, contact Alexander Hamilton at BWD Search & Selection