The Cyber Security Technology function supports a number of technologies and services across a globally dispersed team. This includes cryptography and encryption technology, Data Loss Prevention, Security Infrastructure and vulnerability management. These collective teams assure critical functions and billions of pounds worth of transactions across the organisation.
The Cloud DLP SME role-holder is charged with protecting the client brand, shareholder value, information and financial assets, managing a team across the globe in the following ways:
- Supporting the delivery and operating Strategy
- Providing key representation for and source of expertise on all issues.
- Support the delivery of tooling to implement controls ensuring compliance with client Information Security policies and standards globally including any regulatory requirements.
- Collaborate to drive the implementation of the enterprise wide and regional / business level IT Strategy.
Ensure information security requirements are adhered to globally by ensuring effective compliance and measures are in place.
- Work closely with the team as the 1LOD function and understand strategy while maintaining visibility of their IT security risk profile, exposures and control effectiveness and to provide robust challenge to the same audience when information security risk appetites are breached.
- Drive engagement with all relevant regional and global stakeholders (cyber security colleagues across Strategy and Architecture, Security Shared Services, Security Engineering and business and IT Functions).
- Wide range of cyber experience across cyber with specific focus on Data Security and DLP engineering
- Experience with CASB technology, specifically, McAfee, Microsoft and Broadcom.
- Experience of building, deploying and using the tooling to support Data Security and Data Integration strategies
Proven experience of successful operational management, utilising relevant tools and techniques to ensure consistent delivery
- A minimum of 4/5 years Cyber experience would be beneficial
- Experience working in a highly regulated environment
- Promoted and led best practice in risk and compliance management in a similar organization
- A track record of making strategic business decisions, considering relevant risks, long term implications, commercial realities and stakeholders” needs
Local Job Requirements:
- Profile of services – Global.
- Internal and external relationships – Internal relationships extend from the local team to the whole of IT.
- Interaction with business and technology stakeholders including external vendors and suppliers.
- Executive & Stakeholder Management – Communication and engagement with Senior Management and other
- Executive stakeholders, effective verbal and report writing skills.
- Compliance & Regulatory Management – Management and contribution to any regulatory request relating to Cyber Security globally.
- Management of Direct and Indirect Reports – People management and contribution to a positive work culture / environment.
- Vendor/Supplier Management – Liaison and potential management of Cyber Security vendors, consultants or suppliers.
Certifications, Qualifications & Experience:
- Typically educated to degree level within IT
- Experience working in relevant environments on Data Security principles and controls
- Knowledge of CASB & Data Leakage Protection Tools (Installing, monitoring)
- Strong technology integration experience
- Relevant product knowledge including knowledge of integrating different technologies to maximize value
- Demonstrable experience in IT or Cyber Security pertinent to this role with 5+ years experience
- Regulatory engagement, experience in dealing with compliance matters, and regulatory liaison would be beneficial
- Knowledge of any global regulatory requirements would be beneficial
- Ability to build strong relationships and communicate on complex IT Security issues with a wide spectrum of stakeholders.
- Understanding of business finance and experience of effective management of budgets and expenditure
- Comprehensive understanding of security in context of wider industry trends and direction
- Experience of working in a financial organisation would be beneficial
- Information Security Certification such as GIAC, CISSP, CISA, CRISC or ISO 27001 Lead Auditor not required, but considered a plus