PB Information security officer, AS

Role Description

Divisional Risk and Control is responsible for non-financial risk and control management for the relevant operating Division or Infrastructure function or Dedicated Central Control Unit for the bank. Work includes:

• Defining the risk management framework
• Developing process and procedures to report on, manage, and mitigate risks to acceptable levels
• Maintaining operational control and discipline across the organizational unit Ensuring that business is conducted in accordance with applicable laws, regulations and in adherence to the bank's internal policies
• Providing thought-leadership around business specific risk taxonomies, assessment methodologies, process and control implementation
• Developing, tailoring and testing the control infrastructure for the business Communicating regulatory development and implications to the business Executing certain risk-related processes and draft first like risk procedures (e.g. product reviews, issue capture, regulatory change management, vendor management etc.)
• Managing Risk and Compliance data and information for both first and second lines
• Coordinating execution of risk and control self-assessment (RCSA) process Driving messaging and information from second line to first line (e.g., policies, procedures, training)
• Providing a consolidated view of non-financial risks
• Developing a positive risk culture, whilst assuring strategy alignment among various organizational levels

Your key responsibilities

• Responsible to ensure compliance with the Information Security Policy and the subordinate documents within area of responsibility
• Establish and document roles/entitlements for each of the application together with the Role owners.
• Ensure any changes to the roles are supported by documented valid justification/s along with an Impact and Risk assessment as part of business decisions
• Execute IS Risk assessment and compliance evaluations for assigned IT assets with support from BSO community
• Review and address quality issues within ISO scope of responsibilities
• Ensure execution of Information Security risk management in line with DB Information Security Policy/ Guidelines including 1) InfoSec controls 2) Mitigating Control weakness 3) End user access review and recertification 4) provide InfoSec advisory on vendor relationships 5) Support BCM and DR exercise from ISO perspective 6) Providing guidance on control implementation
• Support Chief ISO delegate on relevant actions and initiatives.
• Create Segregation of Duties (SoD) rules for IT , assess SoD Rule violations and make exception decisions
• Participate in Information Security initiatives and programmes, as relevant;
• Review and assess severity of information security breaches and recommend appropriate follow-up actions, where necessary
• Advise local business and other partners on CSO solutions and facilitate service adoption in cooperation with Central CSO teams
• Support in the review and assessment of data leakage incidents relevant to PB Booking Centre.

Your skills and experience

Education & Experience:

• Proven experience of working within Information Security / Information Technology environment ideally in Banking Environment
• Experience working on small to medium scale projects at least within a global environment
• Professional certification including ISO27001 Lead Auditor/ Lead Implementer, CISM, CRISC
• University degree.

Competencies:

• Outstanding problem solving, analytical and project management skills
• Proficiency with Microsoft Office programs; e.g. Excel , Word and PowerPoint
• Ability to work in pressurised situations
• Strong work ethic, commitment to excel and proven capacity to work effectively with minimum supervision
• Strong communication (written and verbal) and relationship skills with excellent command of the English language
• Very good influencing and management skills to liaise effectively with Business and control functions

Personal Characteristics:

• Proactive attitude and self-initiative
• Ability to think laterally.
• Strong Team Player skills as well as working independently
• Eagerness to learn and adapt to new situations and processes
• Delivery-focused, able to manage multiple deliverables to deadlines
• Flexibility with respect to new tasks and the ability to work diligently in stressful situations
• Ability to learn quickly
• Driven and able to handle day-to-day routine as well as cope with shifting priorities and changing responsibilities to meet needs and demands.