Ref: TY43397

<Contract> Japanese-speaking Security and IT Resilience Controls/ Policies and Procedures – Financial Services (Reg: TY43397)

Job category: Finance (Banking/Securities/Insurance)
Employment type: Full-time, Permanent
Location: London
Salary (annual): £30,000 - 60,000 / Year
Benefits: Yes
A UK financial services company that provides specialist investment banking services, expert insights and innovative solutions in global capital markets seeks someone for their current Security and IT Resilience Controls/ Policies and Procedures SME project.
This is a 1-year contract from Sep 2020 – Sep 2021.

The company is organised into two divisions: the Securities Product Group and Derivatives Product Group. They offer services such as customer facilitation, broking and trading in primary and secondary debt and equity securities and an extensive range of over-the-counter derivatives contracts. They also have a corporate advisory group.


Project Background

In a letter dated 27 February 2020, the FCA provided feedback to the company on their Technology Resilience and Cyber Security Review. The company has initiated a TRC project to address the findings raised by the FCA. Whilst the TRC project is aligned to Project Unity, it is focused on specific actions to address the FCA findings.

The TRC project has four workstreams, namely:

1. Company-wide Integration
2. Information Security and Cyber
3. IT Governance and Strategy / Change Management
4. Assurance, Risk Management and Quality

The high-level tasks for Workstream 2 have been defined as:

• 1.3 Set up over-arching Cyber Security and Controls Team
• 1.8 Set up superior vulnerability scanning
• 2.1 Review current managed service providing the company with a 24/7 SOC – with the aim to replace this with the company SOC
• 2.2 To implement a framework to enable cover to be provided by its employees. It is intended that this “out of hours” provision will be in place within 6 months
• 2.3 Conduct internal / external Pen test
• 2.4 Perform a CBEST threat led penetration test

A key principle for the TRC Project is to review and benchmark the existing IT controls against those in place and augment or adopt as required. These controls may include policies and procedures, security tools and security

Project Role

• Act as Controls, Policies and Procedures lead, providing expertise, input and support for the delivery of Workstream 2 – Information Security and Cyber. This includes the performance of controls assessment, design and implementation activities.
• Provide SME support and input as required to the Technology deliverables being developed for Workstream 1 – Integration.

The role requires strong cross-team, cross-organisation and cross-region collaboration. Bank IT and Security Systems are deployed across EMEA and North America. The role requires a strong and broad risk and controls skillset, exemplary communication skills, project management discipline and the capacity to fluidly and efficiently balance the requirements of both the Bank and company.

Accountabilities & Responsibilities

• Assess the company and security controls against other company controls (NIST). Identify any control gaps, develop and obtain approval for remediation plans, and either perform, or oversee and track, their implementation. Consider other IT standards / frameworks, e.g. COBIT, ITIL, to supplement NIST if required.
• Establish control owners and propose Key Control Indicators for company-specific controls.
• Review IT and security policies, procedures and guidelines against the Information Security Policy Framework, EMEA-specific security policies, IT Policies, Procedures and Guidelines. Identify gaps and improvements and address these using company policies where possible.
• Provide support as required to help assess or design controls and policies as part of other Workstream 2 tasks.
• Work with the NA Security Team on any changes to jointly owned policies and procedures, and liaise with teams outside the Security function, including IT, TPRM and Data Privacy, to ensure proper alignment and process integration where needed.


Ideal candidate

• Technology and Cyber Risk Frameworks (e.g. NIST/ISO27001/COBIT/ITIL) as well as Regulatory Technology and Cyber Risk frameworks and experience (Bank of England, FCA/PRA). European Regulations would be advantageous.
• Risk management including risk and control mapping.
• Controls design, implementation and assurance techniques.
• Stakeholder engagement and influencing skills.
• Excellent inter-personal communication skills, able to liaise with all levels of the business across all regions including key stakeholders and senior management.
• Experience of creating and delivering presentations and concise writing skills to produce clear documentation (policy, reports).
Updated: 60 days ago