Retail Banking Business Info & Cyber Sec Officer
Standard Chartered Bank Limited (渣打银行有限公司), Shanghai. Update time: July 27, 2019
Job Description
Location: Shanghai
Policy and Risk Assessment:
• Be the country Retail Business's subject matter expert regarding the Bank's Information and Cyber Security strategy, standards, policies, procedures and DOI, and the point of contact for technical advisors of speciality areas.
• Facilitate the RB process owners to conduct risk assessments and support mitigation activities and projects on the ICS agenda
• Drive compliance with group policies, standards, and local regulatory requirements on the ICS agenda through liaison with responsible process owners; ensure proper governance by the process owners is established for projects/change management that is needed to effect the required changes
• Work closely with Group and Regional 1st and 2nd lines on ICS controls (including the Regional ISO), as well as in-country RBMT Heads to provide oversight, governance and monitoring, and work with various delivery owners to embed the ICS risk type framework within the business
• In conjunction with the respective country RB process owners, understand and assess the impact of changes in the policy or procedures on Retail Business and engage with the Business Heads to ensure the impact on the ICS agenda is understood
• Recommend additions/enhancements/changes to the ICS policy, procedures, DOI and risk type framework, and ensure the respective process owners implement necessary change with proper governance

Secure the Business:
• Ensure ICS risks are proactively managed and effectively controlled, mitigated and remediated with senior stakeholders' support and buy-in by the process owners in Retail Business
• Drive the implementation of the ICS risk framework in Retail Business
• Establish priorities in partnership with the COOs, group, regional and in-country 1st and 2nd line owners, and take responsibility for resolving ICS issues among RB process owners
• Ensure proper governance and escalation by RB process owners in managing information security-related incidents and events
• Ensure that the management of ICS risk is effective and operating efficiently within Retail Business
• Work with RB process owners to drive information security culture/awareness and help improve readiness for ICS risks
• Support risk assessments (gross and residual risks) on ICS for Retail Business and provide advice whenever technical expertise is required, or link up with the technical advisor on speciality areas
• Provide an effective risk management framework to ensure Retail Business information is protected by working with the businesses to validate that the Confidentiality, Integrity and Availability framework has been applied effectively
• Facilitate the RB process owners to ensure information risks are identified, assessed, mitigated and controlled in Retail Business; ensure Critical Information Assets are identified and graded appropriately. Monitor changes in the ICS-related risk profile of the highly critical systems.
• Work with IT and operations to validate the resilience of Retail Business's data and IT systems
• Support Group initiatives, ensuring Retail Business's needs are represented effectively

Reporting and Governance:
• Ensure an effective protocol for RB process owners to prepare periodic reports, dashboards and committee papers summarizing the risk posture for the business. Report non-compliance issues on ICS to senior management or governance committees
• Participate in and represent Retail Business at PGCs, Cyber working groups, Programme Steering Committees etc. to provide updates and influence positive outcomes for the business.
• As needed, work with RB process owners to validate the accuracy and consistency of KRIs, KCIs and other risk ratings, as well as process designs, using available MI on the ICS agenda
• Support the Third-Party Security Assessment team during Retail's 3rd party reviews on the ICS agenda
• Help implement, design and embed ICS RTF controls in the ORF across Retail Business
• Support regulatory engagements on the ICS agenda

Engagement:
• Maintain strong stakeholder engagement and serve as the business-facing lead with ITO, Retail Business, COOs, the RB Business Risk Management Head and the Regional Head of Retail Business Information and Cyber Security, Change and Transformation, CISO, and Risk & Control stakeholders to bring alignment across stakeholder groups in conjunction with ICS risk management.
• Collaborate with Corporate Communications, threat intelligence and other functions to lead and coordinate the information security change management effort around branding, communications, staff awareness and training for Retail Business
• Maintain relationships with key service and product owners within Security Technology Services to keep abreast of changes that may affect Retail Business's ICS-related risk landscape.
• Help to interpret and translate the information security requirements of the Retail Business IS programme into technical requirements when needed
• Engage external agencies/third parties to understand the threat environment and reported events; assess the ICS-related impact for Retail Business

Strategy and Investments:
• In collaboration with RB process owners, identify and independently drive strategic change initiatives to deliver on the ICS agenda for Retail Business with a forward-looking view
• Develop insightful strategies for engaging the business on information security matters; ensure investments are prioritised and funding is approved in Retail Business
• Support delivery of the bank's enterprise-wide risk management plan and strategy in Retail Business
• Work with application development organizations to assist in the development of strategies and plans for improving both architecture and application security in Retail Business

Resiliency and Recovery:
• Serve as the first point of contact and escalation for all Retail Business information security matters; serve as the Retail Business security incident response coordinator and advisor on emergency actions to protect the business.
• Respond to information security events in Retail Business by initiating and coordinating emergency actions to protect the business unit from an imminent loss of information or value.
• Ensure that the Business Cyber Contingency Plan, Crisis Management Plan, Playbook etc. are in place for ICS risks in Retail Business
• Conduct scenario testing and tabletop exercises with Retail Business Management on a regular basis to ensure preparedness for any contingency on the ICS agenda in Retail Business

Regulatory and Retail Business Conduct:
• Display exemplary conduct on the ICS agenda and live by the Group's Values and Code of Conduct in Retail Business
• Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, in Retail Business. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
• Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.
• Engage key stakeholders including Legal and Compliance on interpreting local laws and regulations pertaining to information security for the country Retail Business. Work closely with Business, Compliance, CISO and ITO to develop reasonable solutions and/or mitigations

Requirements:
• Degree in Engineering, Computer Science/Information Technology or its equivalent
• Experience in Information Security in Banking and Financial Services
• One or more of the following certifications will be preferred:
  • Certified Information Security Manager (CISM)
  • Certified Information Systems Security Professional (CISSP)
  • SANS Global Information Assurance Certifications (GIAC)
  • Certified in Risk & Information Systems Control (CRISC)
  • Certified Information Systems Auditor (CISA)
• Strong knowledge of Retail Business related products and operations will be preferred
• Strong knowledge of cyber security frameworks, information security principles, architecture, and cryptography
• Exposure to or hands-on experience in infrastructure/web application penetration testing and vulnerability assessments is preferred.
• Ability to articulate gross and residual risk, with the specific ability to clearly, concisely and accurately communicate complex technology and process risk to non-technical stakeholders in a lucid way
• Strong interpersonal and stakeholder management skills, across various levels in the organization including senior leadership teams, in influencing key decisions taken in the business and in support teams
• Strong communication skills – oral, written and presentation. Sound knowledge of MS Excel, PowerPoint, and Word
• Must be a self-starter who is able to initiate and successfully drive programmes and projects to completion with little or no management supervision
• Strong analytical skills and the ability to prioritise, make decisions, and work to tight timeframes
• Strong business acumen and deep knowledge and experience in the ICS field
• Proven ability to lead highly complex, global activities through influence and credibility rather than command and control
• Ability to both assess strategic priorities and focus on detailed aspects of a function in order to drive effective delivery
• Strong integrity, independence and resilience

Job category: Other

Department information

Department: Retail Banking
