Director of Business Information Security (BISO)
We have two exceptional opportunities to join one of London's highest-performing financial institutions. You'll work across the respective business units (BU) and ensure that security capabilities are deployed, that threat actors and cyber risks are identified, and that target state maturity complies with the expected Group Information Security policies, standards and capabilities, as well as regulatory requirements. You will act as the point of contact for Information Security related issues within the BU for both internal and external partners. The role will partner with the business to enable alignment of business needs with security objectives.
- Develop an understanding of BU's direction, priorities, opportunities, and challenges in order to prioritise security focus and drive good risk decisions
- Contribute to the development, communication and maintenance of the BU's information security strategy and allow potential opportunities through security innovation to be explored
- Drive development, implementation, maintenance, and improvement of all information security related activities in alignment with Cyber & Information Security Strategy, as defined by the CISO
- Ensure that security standards are applied consistently across the entire function, so that the security landscape does not fracture
- Liaise with regulators regarding security requirements
- Engage with key partners on the health of their information security programme, providing guidance on addressing key risks identified
- Work closely with the central Cyber Intelligence and Security Operations teams to identify and mitigate any potential BU security threats or resolve BU related security incidents
- Influence decisions on security by providing guidance that is easily understood and actionable by the business
- Work with business leaders to ensure that information security policies and standards are integrated with business processes, constructively challenging existing processes where necessary
- Liaise with security architects both within Corporate Technology and other functions to encourage close collaboration
- Effectively collaborate with both senior business and security leadership on security and business considerations for BU; ensure partners understand their responsibilities in relation to security risk mitigation and remediation
- Participate in relevant business, organisational change and risk management discussions run by other parts of the organisation
- Maintain a balanced relationship with internal and external audit functions, and other relevant bodies
This role impacts all colleagues within the BU, as they are responsible for ensuring that security controls and standards are properly met. The risk of not properly delivering against this role is an impact to the broader organisational reputation and a failure against regulatory compliance of the function as a whole.
- Experience across multiple regulatory domains
- Experience of defining and embedding Security controls and Standards
- Hands-on technical experience of conducting security risk assessments
- Hands-on experience with assessing and managing Major Security Incidents
- Experience in working within Technology functions to ensure that Security standards are maintained while not impeding innovation and advancement
- Experience of demonstrating deep and broad knowledge of emerging technology to deliver services
- Qualifications in security leadership and management, for example (but not limited to) MBA, CISM or ISO 2700x
- Certifications in regulated areas e.g. privacy, resilience and quality assurance
Business and sector expertise
- Experience in Security for Financial Services Regulated Environment
- Expert knowledge of the cyber, information security and risk management field for a global financial services or other highly regulated organisation providing Technology Services to revenue generating divisions
- Experience of developing and influencing strategic working relationships with key technology suppliers
- Experience of advising/communicating at board level and with senior level regulators
- Detailed business, regulatory and technology knowledge appropriate to BU