Business Information Security Officer

The job description is comprehensive and detailed, but it can benefit from improved formatting for clarity and readability. I will add appropriate HTML tags, organize sections clearly, and correct minor grammatical issues to enhance user engagement and understanding.

Below is the refined version:

• Implement cloud-specific security strategies, policies, and procedures, ensuring alignment with overall business goals and regulatory requirements, especially those related to data privacy and security.
• Design and implement solutions for cloud security, including architecture, access control, and data protection, with strong understanding of cloud platforms (AWS, Azure, GCP) in that order.
• Identify, assess, and mitigate security risks associated with cloud infrastructure and data platforms, collaborating with the platform engineering team on implementation.
• Build consensus across CISO and business units to drive data security solutions organization-wide.
• Possess expertise in modern data platforms, preferably with experience in Databricks and Snowflake implementations.
• Hold relevant certifications such as cloud-specific certifications (e.g., AWS Certified Security - Specialty) preferred.

To serve as the primary liaison between business, technology, and security functions, ensuring the confidentiality, integrity, and availability of information, and supporting security risk mitigation.

• Collaborate with stakeholders to understand security requirements in business processes and IT projects to enhance risk management.
• Conduct risk assessments to identify and prioritize cybersecurity threats impacting operations and data, guiding mitigation strategies and communicating findings to senior stakeholders.
• Develop and implement security policies and procedures aligned with the risk management framework in collaboration with business units.
• Manage the implementation, testing, and monitoring of security controls across IT systems to ensure effectiveness and risk mitigation.
• Execute training sessions to educate employees, enhance cybersecurity awareness, and promote safe online practices.
• Manage complex cybersecurity incidents by working with IT teams and response experts to resolve cases through analysis, expertise, and supervision.
• Identify emerging cybersecurity trends, threats, and technologies to address potential risks and advocate for adopting new security solutions.

• Manage a business function, contributing to strategic initiatives, policy development, and overseeing multiple complex projects.
• Lead a large team or act as a technical expert, training and guiding less experienced staff, and influencing long-term strategic decisions.
• Provide advice to senior management and influence decisions beyond the immediate function.
• Manage resourcing, budgeting, and policy creation for the sub-function.
• Ensure compliance with policies and regulations, and monitor external environment and industry developments.
• Demonstrate extensive knowledge of industry practices, and use analytical skills to solve complex problems.
• Make strategic decisions, negotiate with stakeholders, and act as a principal contact for key clients.

All senior leaders are expected to embody leadership behaviors: Listen and be authentic, Energize and inspire, Align across the enterprise, and Develop others. Additionally, all colleagues should demonstrate Barclays Values—Respect, Integrity, Service, Excellence, and Stewardship—and the Barclays Mindset—Empower, Challenge, and Drive.