VP Information Security Risk and Control
What you will be doing:
This is an exciting opportunity for a talented individual to join our Chief Controls office
(CCO), a dedicated first line risk and control function. This role has arisen due to the
expansion of responsibilities, offering the successful candidate the opportunity to make an
impact and actively contribute to the evolution of this function.
As part of the CCO team, you will play a key role:
• Improving the oversight of non-financial risks, bringing risk and control subject matter
expertise with specific focus on Information Security, to partner with 1LOD business
owners to proactively identify, assess and mitigate risks.
• Providing cross-functional oversight across the first line, driving best practices and
consistency in control standards for the effective control of Information Security risks
to within risk appetite.
• Driving behaviors to foster a risk-aware and risk intelligent culture where employees
recognize their role as risk managers and the importance of the control framework.
The role would suit candidates with 2LOD/3LOD experience looking for an opportunity to
move into 1LOD, or candidates with solid experience in 1LOD control/control
remediation/validation in the Cyber/Information Security space.
The Information Security Risk Control Vice President is a key member of the CCO team
who will work closely with the Information Security department (part of the Technology
division) in the oversight and validation of Information Security risk and controls. This
includes, but is not limited to:
Strategic:
• Develop and implement a consistent, effective and efficient approach to the
management and oversight of Information Security risks and controls
• Identify and deliver best practices in control standards across the firm
• Lead Technology’s engagement with Audit, and act as key liaison with 2LOD Risk and
Compliance
Operational:
• Support the identification and assessment of Information Security risks and controls
• Support in drafting/reviewing self-identified issues (SII) and remediation plans from a
risk/control lens to ensure risks are sufficiently assessed and addressed, and that plans
consider design/operating effectiveness, strategic/tactical solutions, etc.
• Support in drafting/reviewing corrective actions for Audit findings
• Support in validating corrective actions for SII and Audit findings as they come up for
closure, before submission to 2LOD/Audit; monitor and report to relevant governance
bodies on the status of issues/actions.
• Support in identifying, assessing and recording operational risk events arising from
security incidents
• Contribute to risk appetite statements, emerging risks and regular assessment
• Review KRIs to ensure meaningful metrics for management oversight,
review/challenge breaches to understand root causes, consult on lessons learned
exercises and work with business owners to develop a ‘path to green’ where
appropriate
• Consolidate and report on the results of risk and control activity to internal
stakeholders, escalating as required
Leadership:
• Support ad-hoc cross-Technology control initiatives where appropriate
• Build strong relationships with peers to enable cross-functional oversight and to develop
and implement best practices.
• Share knowledge and experience with other members of the team, driving
consistency and ‘added value’
• Establish positive working relationships with senior stakeholders across the business.
What we’re looking for:
• Experience of Internal Audit engagement, controls remediation and audit validation
either from a 1LOD ownership perspective or 2LOD/3LOD validation in the
Cyber/Information Security domain.
• Strong knowledge of Information Security Processes, Risks & Controls within
Financial Services, and ability to demonstrate an understanding of key challenges
and risks which must be mitigated and managed to enable successful delivery