Warszawa, mazowieckie
Head of Information and Cyber Security Contract Support
The Role Responsibilities
The main purpose will be to support the Head of COE Design under Centre of Excellence (COE) - Third Party Security Risk (TPSR) function in ensuring Contract Owners and Contract Managers:
- Increase the frequency of Third Party's engagement when the threat environment or status of the Third-Party
- Support the implementation of Phase 1 (Third Party Privacy and Business Resilience) and Phase 2 (rest of the Third Party) for COE and expanding the Operations team to cover the additional phases
- Create synergy and support to take on additional scope for Third Party Privacy and Business Resilience into the COE function
- Review third party contracts to ensure that they are compliant to cyber security policy and standards, regulators' requirements and work with legal to make necessary amendment where required
- Manage the BAU contract process from an ICS perspective, providing support to the stakeholders, ensuring controls are maintained and deliver accurate reporting
- Engage globally with internal stakeholders to ensure that the contracts are created/amended in a timely manner to meet programme and regulatory timelines
- Effectively communicate the Pre-contract / Post contract security risks to internal and external stakeholders globally
- Act as the central point of contact for stakeholders, ensuring they understand their roles and responsibilities across the lifecycle of the Third Party Security Assessment
- Ensure robust governance over all contract activities, including maintaining audit trail, escalations and reporting
- Develop and improve the process for engagement of the third party security risk team by the business for all new third party entities across all markets, and for ongoing periodic review requirements
- Build trusted working relationships with other security functional heads, risk and compliance counterparts, and business unit stakeholders
- Work closely with the other supply chain and vendor management functions within the bank (Global Sourcing, Legal, Compliance, etc.) and other risk functions (Cloud, privacy, resiliency, CSS) to integrate third party data security risk processes relating to COE into the wider bank vendor management process
- Run a process improvement program to review the existing COE service, recommend improvement plan and implement programs of work to improve service across the Bank
- Ensure compliance to measurement, tracking and reporting of contract related third party security risk assurance metrics
- Provide regular updates on the Pre-contract / Post contract related third party security risk program, including KPIs, KCIs, and metrics status for delivery to relevant operational, Group, and Board committees
- Ensure the accuracy of KRIs, KCIs and other risk ratings, and provide assistance to process design in order to meet policy requirements on contract related matters
- Lead the monitoring and reporting of mitigation and remediation actions to track progress against audit and other assessment findings
- Lead the third party COE Operations team to facilitate the third party risk governance process
- Ensure sufficient and appropriate evidence of work performed for review by Group Internal Audit and others
QUALIFICATIONS:
- Bachelor's degree from an accredited college/university in an appropriate field
- 10-15 years of operational experience in information security / IT Contract & Vendor Management, preferably with Big 4 and/or Banking & financial services experience
- Exposure to contractual documentation and drafting contract documentation is highly desired
- Experience in third party audits or risk management is a plus; an understanding of auditing standards, compliance, risk assessment and internal control frameworks is a requirement
- Familiarity with working in a multi-national company or cross-cultural setting
- Excellent written and interpersonal skills
- Strong time management skills
- Ability to draft reports that clearly communicate observations and risks is required
- Strong stakeholder engagement skills, and ability to interact at all levels across an organisation
- Strong audit project organisation and management skills
- Ability to multitask and ensure that all key priorities are delivered as per agreed timelines
- Knowledge of security frameworks (e.g. COBIT, ISF, COSO), standards (e.g. ISO, NIST, CIS), information security principles, security architecture and regulatory requirements will be a plus
- Competency with Microsoft Office Suite (Word, PowerPoint, Excel, Visio, SharePoint)
- Certifications (CISSP, CISA, CRISC, CCSP) will be a plus
Apply now to join the Bank for those with big career ambitions. To view information on our benefits including our flexible working please visit our career pages. We welcome conversations on flexible working.