About Chief Security Office
The Chief Information Security Office (CISO) is a fully global team, with over 1500 colleagues across Europe, Asia, Africa and the Americas. We support the business in ensuring the security of the firm’s assets, and in implementing world-class security solutions to meet business needs.
CISO operates critical controls and works in partnership with the business to ensure our customers can trust Barclays to protect their sensitive information, and that the security of our critical infrastructure, staff, and assets is maintained. This is delivered through its four strategic pillars:
Protect – Defending the Bank, its customers, and our colleagues
Enable – Enabling the Business Transformation to Digital & Mobile
Innovate – Designing Tomorrow’s Cyber Defences
Educate – Enabling Global Cyber Resilience
It is the policy of Barclays to ensure equal employment opportunity without discrimination or harassment on the basis of race, color, creed, religion, national origin, alienage or citizenship status, age, sex, sexual orientation, gender identity or expression, marital or domestic/civil partnership status, disability, veteran status, genetic information, or any other basis protected by law.
Overall purpose of role
Act as a Designated Officer / CISO for BILIPL, and accordingly own accountability for the Cyber governance and embedding Group Standards for BSIPL, acting as key point of contact for ensuring optimal embedding of BU CISO capabilities across all BILIPL functions.
This role is a function that supports and partners with Business units and caters to the following core responsibilities:
Manage local cyber regulatory landscape, while managing interaction with regulatory bodies
Driving effective stakeholder relationships
Reporting BU Security Control and Risk Metrics
Maintain Security Control Posture and control remediation
Undertake Risk Assessment, review and acceptance
Manage Regulatory and Audit Engagements
Provide inputs to Controls and Standards requirements
Support Education and Awareness
Support identification of HVTs and Critical Processes
Sponsor and drive security programs
Shape Security demand
Support Incident Response
Manage CISO Service to Entity
Key Accountabilities of this Role
Manage local cyber regulatory landscape, while managing interaction with regulatory bodies and coordinating due diligence to meet regulatory obligations, as defined in existing jurisdictional regulatory framework, where applicable.
Support governance, risk and compliance (GRC) efforts specifically focusing on regulatory due diligence across various jurisdictions in alignment with Barclays’ risk and control posture.
Understand and uplift cyber hygiene and BAU controls across the entity. Partner with other CISO teams to integrate security into programs and processes.
Report on the implementation of the cybersecurity program, and communicate the cyber risk posture to help shape and inform business priorities.
Partner with Chief Security Office (CSO) stakeholders to oversee initiatives of local impact including but not limited to delivering cybersecurity awareness and training, managing incident response plans and processes etc.
Support control risk assessments, and ensure consistent reporting and escalation according to existing risk management framework.
Maintain strong partnership with stakeholders to embed regulatory requirements through group wide policies/standards and controls to drive a consistent framework that meets regulatory obligations.
Engage with regulatory bodies and act as primary point of contact for cybersecurity-related matters. Coordinate response to all in-scope regulatory reviews and requests for information. Track and attest to compliance with security regulations.
Demonstrate understanding of regulatory landscape and trends in the broader financial services sector.
Stakeholder Management and Leadership
This role interacts with various levels of business stakeholders, so the ability to communicate complex topics effectively at senior levels is essential
Build strong relationships & mutual trust with colleagues through your ability to communicate & respond to stakeholders in a timely manner
Ability to prioritise is critical to ensuring deliverables & deadlines are met on time
Supporting team members in many of the group-level Cyber Security processes
Decision-making and Problem Solving
Resolve queries and act as an SME advisor on cyber issues and controls
Encourage open and honest discussion, sharing knowledge and observation to support fair and ethical behaviour for all colleagues.
Make informed decisions
Use risk management principles to ensure the confidentiality, integrity & availability of information is safeguarded in accordance with Barclays operating model
Risk and Control Objective
Ensure that all activities and duties are carried out in full compliance with regulatory requirements, Enterprise Wide Risk Management Framework and internal Barclays Policies and Policy Standards.
All colleagues will be expected to demonstrate the Barclays Values of Respect, Integrity, Service, Excellence and Stewardship – our moral compass, helping us do what we believe is right. They will also be expected to demonstrate the Barclays Mindset – to Empower, Challenge and Drive – the operating manual for how we behave.
Person Specifications
Experience of operating a Cyber and Information Security Controls function
Experience of various Cyber Standards and Frameworks
Detailed knowledge of Barclays Cyber Standards and processes
Strong analytic, incident management and problem management skill set
Experienced at implementing or managing risk management processes and tools.
Good understanding of financial regulatory and compliance standards
Comfortable operating at a senior management level and influencing key stakeholders
Creative, analytical and output focused
Experienced with risk and control environments, industry standards and technology regulation
Collaborative, able to drive to agreement across varying stakeholders/interests
Essential Skills/Basic Qualifications:
Experience in working within the information and cyber security field, including systems audit or internal controls, that are relevant to our business and financial services.
Significant experience in leading and managing large teams within a complex matrix environment across multiple geographies.
Preparation and presentation of high quality material.
Experience of building and maintaining effective relationships with stakeholders through strong communication skills, both written and verbal.
Desirable skills/Preferred Qualifications:
Professional experience and/or qualification preferred.
Relevant information risk qualifications (e.g. CISA, CISSP) or project management qualifications (e.g. PRINCE2) would be beneficial.
Experience in relevant regulatory environment would be beneficial.