Information Security Framework Manager

  • £80,000 - £85,000 per Annum
  • Permanent
  • London, England, UK, EC3M 7DQ
Job Ref: BBBH120336
Sector: Cybersecurity
Date Added: 27 October 2022
Role specific:

This role works strategically across UKT and the Bank to lead the embedding and maintenance of the Information Security framework ('ISMS'). This is a senior role within our Information Security Privacy, Policy and Awareness Team with accountability for the design, implementation and continual improvement of the ISMS and its underpinning processes. The role has a direct report.

The main purpose of the Information Security Framework Manager role is to:
  • Be responsible for the embedding and continual improvement of the ISMS, ensuring its effective design and operation in the Bank;
  • Manage the design and delivery of the ISMS process, applying a structured plan-do-check-act methodology;
  • Maintain oversight of ISMS effectiveness in line with Framework Owner responsibilities in the Bank's Risk Management Framework and monitor business performance against information security controls, including maintaining effective framework performance metrics (KCIs) and coordinating and presenting effective risk scorecards and quarterly management reports at the Data Governance Committee, to ensure and support the Committee's oversight of the ISMS and influence decision making on areas requiring focus or improvement;
  • Influence business priorities and control owner plans for information security improvements and risk mitigation;
  • Influence across the Bank, including senior management, to ensure clear ownership and accountability for information security controls;
  • Ensure the clear design and articulation of information security controls which align to the Bank's legal, regulatory and business needs;
  • Influence the effective integration and ongoing alignment of the information security framework with the Bank's Risk Management Framework and operational risk processes;
  • Be responsible for creating and maintaining the Information Security policy, ISMS, Control Standards and instructions, and for the effective planning, prioritisation and delivery of their review cycles to ensure the framework is kept up to date and aligns to UK legal, regulatory and good practice requirements and the Bank's global minimum standard for information security;
  • Manage the planning and delivery of the team's Information Security Framework business plan, including effectively leading and developing team members, managing any changes, new demands, requirements, or issues and providing regular status/delivery performance reports to management as required;
  • Provide specialist information security policy advice, support and challenge to stakeholders across the Bank, and represent the Information Security team with Business stakeholders as a trusted advisor, finding cost-effective security solutions that efficiently support customer needs;
  • Support the continued development of specialist information security technical knowledge within the UK Information Security team;
  • Act as lead Duty Incident Manager on a shared rota basis to manage information security and personal data breaches in accordance with defined incident management processes, ensuring impacts and risks are appropriately identified, assessed and mitigated;
  • Deputise for elements of the reporting manager's role (Privacy, Policy & Awareness Manager) as required, on an ad-hoc basis, to cover absences, periods of increased workload, etc.

Key Skills:
  • solid experience embedding, managing and operating an information security framework / ISMS;
  • able to influence decision making to surface and mitigate issues and risks across a wide range of stakeholders, up to and including senior management / executive;
  • lead, manage and develop other colleagues, including wellbeing and performance of a team;
  • prioritise and deliver competing priorities and manage stakeholders effectively;
  • own and/or oversee the delivery of key processes and/or improvement projects;
  • take responsibility and act autonomously;
  • plan, organise and prioritise tasks and projects;
  • have the ability to solve problems creatively and effectively;
  • be a strong team player;
  • be able to interact proactively and confidently with all areas of business, including senior management;
  • have excellent interpersonal and communication skills in both written and spoken English;
  • ability to successfully communicate complex data protection requirements to non-technical stakeholders;
  • pragmatic, and effectively balances risk and control requirements with commercial drivers and customer outcomes;
  • positive, collaborative and builds and maintains effective cross-functional relationships.

Carbon60, Lorien, SRG - the Impellam Group STEM Portfolio is acting as an Employment Business in relation to this vacancy.

26/11/2022 10:26:32
Contact Consultant:
Chris Cordina
