VP Information Security Risk and Control

This is an exciting opportunity for a talented individual to join our Chief Controls office (CCO), a dedicated first line risk and control function. This role has arisen due to the expansion of responsibilities, offering the successful candidate the opportunity to make an impact and actively contribute to the evolution of this function. As part of the CCO team, you will play a key role:

• Improving the oversight of non-financial risks, bringing risk and control subject matter expertise with specific focus on Information Security, to partner with 1LOD business owners to proactively identify, assess and mitigate risks.
• Providing cross functional oversight across the first line, driving best practices and consistency in control standards for the effective control of Information Security risks to within risk appetite.
• Driving behaviours to foster a risk-aware and risk intelligent culture where employees recognise their role as risk managers and the importance of the control framework.

The role would suit candidates with 2LOD/3LOD experience looking for an opportunity to move into 1LOD, or candidates with solid experience in 1LOD control/control remediation/validation in the Cyber/Information Security space. The Information Security Risk Control Vice President is a key member of the CCO team who will work closely with the Information Security department (part of the Technology division) in the oversight and validation of Information Security risk and controls. This includes but not limited to:

• Develop and implement a consistent, effective and efficient approach to the management and oversight of Information Security risks and controls.
• Identify and deliver best practices in control standards across the firm.
• Lead Technology’s engagement with Audit, also key liaison with 2LOD Risk and Compliance.

• Support the identification, assessment of Information Security risks and controls.
• Support in drafting/reviewing self-identified issues (SII) and remediation plans from a risk/control lens to ensure risks are sufficiently assessed, addressed, consider design/operating effectiveness, strategic/tactical solutions etc.
• Support in drafting/reviewing corrective actions for Audit findings.
• Support in validating corrective actions for SII and Audit findings as it comes for closure before submission to 2LOD/Audit, Monitor and report to relevant governance bodies on the status of issue/actions.
• Support in identifying, assessing and recording operational risk events for the security incidents.
• Contribute to risk appetite statements, emerging risks and regular assessment.
• Review KRIs to ensure meaningful metrics for management oversight, review/challenge breaches to understand root causes, consult on lessons learned exercises and work with business owners to develop a ‘path to green’ where appropriate.
• Consolidate and report on the results of risk and control activity to internal stakeholders, escalating as required.

• Support ad-hoc cross-Technology control initiatives where appropriate.
• Build strong relationships with peers to enable cross functional oversight and develop and implement best practices.
• Share knowledge and experience with other members of the team, driving consistency and ‘added value’.
• Establish positive working relationships with senior stakeholders across the business.

What we’re looking for:

• Experience of Internal Audit engagement, controls remediation and audit validation either from a 1LOD ownership perspective or 2LOD/3LOD validation in the Cyber/Information Security domain.
• Strong knowledge of Information Security Processes, Risks.