Information Security Advisor
The incumbent will be responsible for advisory services that enable the achievement of the Information Security Policy for assigned divisions and business units in Global Banking and Markets and the Technology Application Group. Security objectives include integrity, confidentiality/privacy, availability and continuity and the delivery of information security. The incumbent will provide advisory services to assist in the development and support of sound security strategies, ensuring the reliable implementation of consistent and secure control processes to protect the information and data resources, by:
a) Developing sound security tactical plans towards the reliable implementation of consistent and secure control processes to protect information and data resources during integration projects.
b) Acting as the central point of reference and core competency for information security to be used by business lines and associated technology groups before and during mergers and acquisitions engagements. Assisting in the inventory, classification and protection of data resources by providing guidance on a cost-effective implementation of security policies and standards.
c) Representing Information Security in integration project teams by leading security initiatives. Driving initiatives and supporting business functions to assess security risks and to make informed decisions to protect information assets during integration projects. Performing Security Due Diligence Reviews on targeted organizations.
d) Providing guidance to design, develop and implement sound risk management controls in accordance with standards that assure compliance with industry regulations. Keeping abreast of, and being well versed in, the demands of financial industry regulations in different regions, based on practical experience. Managing the infrastructure risk scores of acquired organizations and driving initiatives towards remediation.
e) Pursuing security and control process improvements to advance the security compliance of global security programs and offices during integration projects.
f) Working closely with TAG Security Operations Services to facilitate communication and support, and to transmit the information security vision as developed by the CISO.
1. Design and implement tactical plans for integration of acquired organizations and large complex projects in a secure fashion while keeping the information risk at an acceptable level. Address and resolve complex technical problems that will have impact on integration engagements. Provide first line subject matter expert advice on pervasive information security standards, policies and processes, information security world class standards and major regulations in the industry.
2. Participate in and lead projects to deal with short, medium and long term issues towards the implementation of a comprehensive information security program, prioritizing those in alignment with the Information Security Strategy. Document high risk areas, and lead reliable and timely project delivery towards remediation. This may include first line relationship management within IS&C teams and other technology teams participating in integration projects.
3. Drive the operation of reliable security controls over logical protection, vulnerability management, application security and application change control. Develop sound tactical plans to address high risk areas that may jeopardize the information processing infrastructure's availability, confidentiality/privacy, continuity and integrity during integration. Escalate delays in plans when these may compromise customer information protection or deadlines in integration projects. Identify major synergy opportunities relying on mature infrastructure or processes that can be cost-effectively deployed to other subsidiaries.
4. Design, develop and report information security metrics to demonstrate advancement of the information security program implementation and escalate high risk issues accordingly. Report underlying risk of the information processing facilities.
5. Escalate deviation or risk acceptance letters through the Director of Information Security for VP or CISO approval.
6. Liaise with internal and external security teams, local and international, and participate in reviews that pertain to compliance.
• Minimum 3 years of work experience managing individuals or leading project teams
• Minimum 5 years of work experience in a highly technical, architecture related field
• Highly respected both internally and externally as a technology expert with strong leadership and facilitation skills
• Has demonstrated the ability to influence senior management at Director level
• Proven expertise in the design and implementation of Information Security technology in a large heterogeneous environment.