Information Security Manager

Direct message the job poster from BACB plc

BACB is a UK bank that offers trade finance and investment expertise to clients in specialist markets, especially Africa and the Middle East.

We have been helping businesses with trade finance and complementary products for over half a century, focusing on trade flows to and from Africa and the Middle East as well as real estate in the UK.

Our in-depth knowledge of the countries and practices where our clients operate ensures that we put them first.

Additional Info

• Hybrid Working: 3 days onsite, 2 from home
• Location: City of London
• Contract Type: Fixed Term Contract

Job Summary

Reporting to the Head of Operational Risk and working closely with the Head of Information Security, the role will support in managing the Bank’s Second line of Defence (2LOD) for cyber security, assuring compliance with the Bank's Information Security Policies and Standards and overseeing the effective implementation of security controls through engagement with the Bank’s cyber security operations team (1LOD).

Key Work Outputs and Accountabilities

• Supporting the management of the Bank’s Cyber Security function maintaining compliance with our NIST based cyber security framework.
• Responsible to Head of Operational Risk for Information Security RCSA framework, in particular regulatory compliance, and tolerated risk exposure.
• Act as Cyber Security expert within the Second Line of Defence (2LOD), providing advice and guidance to 1LOD on best practice cyber security and to business driven change activity.
• Working with the Bank’s Enterprise Architect to ensure solutions are delivered in accordance with BACB’s IT Security policies and Standards.
• Ensure the Bank can effectively respond and recover from Cyber Security Incidents.
• Working with the Head of Information Security on ways to defend the Bank from current cyber threat landscape, identifying emergent threats and recommending innovative controls and mitigations.
• Work together with the 1LOD and provide evidence that IT Security operations are within risk tolerances (e.g., Evergreen IT, Patching, Vulnerability scanning and Pen Testing) (supported by a 2nd member of the 2LOD team).
• Oversee compliance with the Bank’s cyber security standards and policies liaising with CIO (1LOD) where responsibility spans Lines of Defence.
• Maintain security performance metrics/ KPIs, recommending improvements where appropriate.
• Effective use of specialist tools and logging to review the Bank’s cyber status and perform requested “deep dives” as necessary as well as define automated alerting mechanisms, ensuring that these alerts can be assessed and investigated independently by 1LOD and 2LOD.
• Engaging with the CIO and the Head of Information Security to ensure that sufficient/ effective cyber defences are implemented, giving the Bank value for money for any procured Cyber Security solutions, including Cyber Risk Insurance.
• Responsibility for the effective bank-wide cyber security training and awareness.

Required Qualifications and Experience

• Educated to degree level (or equivalent), possessing at least one security accreditation (e.g., CISM or CISSP).
• Good working knowledge of cyber security standards (i.e. NIST, ISO 27001, Cyber Essentials, GDPR).
• Previous experience in the practical use and management of products such as Defender, Darktrace, and Mimecast.
• IT security management knowledge, skills, and experience.
• Familiarity with firewall rulesets and the requirements for effective cyber defence.
• Familiar with the Microsoft stack from Desktop products to server products to Azure.
• Working in Financial Services or another regulated market, such as aviation or energy.
• Managing the delivery of an organization-wide information security related strategy.
• Knowledgeable in common Data Leakage reasons and effective prevention.
• Working with on-premise, public and/or hybrid cloud environments.
• Conducting security-based investigations, the management of such inquiries and liaison with external BACB engaged investigation parties.

Mid-Senior level

Contract

Information Technology

Banking